A client has asked us to develop a proprietary in-house app for managing their back-end systems. However, we are a small development company and I'm certain that their company does not have >500 employees.
Are there any alternative, yet similar, solutions to distributing this app to their company without going through the iPhone enterprise program?
(just to clarify: obviously, we would like to go through the official enterprise program but seeing how the company doesn't have >500 employees, this isn't possible).
UPDATE (27/09): It appears Apple have removed the 500 employee limit for the enterprise distribution See here. So this will probably be our route now (which is helpful because the app is approaching completion). I'll update this as we go through the process if anyone would like me to, so that others may get an idea of what the actual process is like.
You can submit the app as a completely free app on the AppStore but require that the user log in and authenticate to use it. That way anyone can download it but you control who can actually use it. Apple does all the distribution for you for and you don't have to worry about Ad-Hoc deployments or IT departments.
You then build a really simple configuration management system on a web host (or platform like Google AppEngine) that manages the authentication of apps.
When a user launches the free app they are asked for a username/password/whatever. That information is sent to the web-based configuration management system and confirmed. If the app receives an acceptable confirmation from the configuration management system it unlocks itself for use by that user.
The app can either re-authenticate every time it launches (useful if you want lots of control) or it can store a key file locally indicating that it has been authenticated. If it sees the local key file when the app launches it considers itself authenticated and never checks again.
Whether you use one user account per person or one for the whole company is up to you.
This style of distribution is very useful if you want to have control of who can use the app but want the ease of deployment that the AppStore provides.
Apple has accepted many apps onto the AppStore that use this method of authenticating against a remote server (Skype is a perfect example).
If you keep track of device UDID on the configuration server you can also pre-load it to allow a certain set of devices to work.
Further, nothing I have described is iPhone specific so you can use the same configuration management system and concepts on other platforms like Android (or even desktops) if you ever port the app or build other apps needing this in the future.
Also, since the action of authenticating devices is not processor or data intensive you will likely never incur a cost if you build this on Google AppEngine as you will never go over the free quotas and you will gain the stability and scalability of Google's backend architecture.
As this particular deployment is for managing an in-house back-end system deploying it through the AppStore can seem insecure because there is proprietary information embedded in the app, in particular the information that allows it to connect to and authenticate against the back-end systems.
The solution to that is to not include this information within the app and simply have that information be part of the response that the app receives from the configuration management server. Basically the app contains the logic necessary to perform its function but without the connection information it has no ability to manage any back-end system.
If you make the app authenticate every time it launches you can change the connection information on the configuration server and the app will update to the new information without any new deployment being necessary. The user just needs to restart the app. This gives your client the flexibility to change their internal network configuration without invalidating your application code. You could also make this information manually configurable within the application but then you incur an IT cost when setting up the application on each device and if you already are going to set up a configuration management system you might as well use it.
To further secure the above solution you may want to have the configuration management system be in-house and behind the company's firewall so that regardless of who gets a hold of the app they cannot connect to the config system unless they are within the company's network.
I was researching this yesterday and today, and it appears that Apple has just (within the past week) removed the >500 employee requirement for enterprise development. However, I believe you will need to develop/deploy for a particular client using a development toolkit registered by the client.
So if you do work for client A and client B, both client A and B will need to sign up with Apple as business developers, at which point you can develop apps for them (as a contractor) and use their tools to build and deploy within their enterprises. I would think it would be a good idea for your company to also be registered as a business developer.
Apple does still require you to have a Dun & Bradstreet DUNS number to sign up as a Business Developer.
About the only real choices you have are...
Up to 100 devices as ad-hoc distribution.
Enterprize distribution (requires > 500 employees)
Everyone has to march their device down to some IT-central and get built as a "developer" device. (yikes!)
Jail-broken.
Jail-broken may sound scary, but it's actually pretty advanced, now-a-days, and can be managed quite easily. Still, it voids your warrantee (unless you're willing to restore-to-factory and be not-honest about it ;)
Still, technically, it's an available option and can be made to work, if you're willing to plan it out.
Let us know what you decide, and the pros & cons of that method.
Another obvious although not neccesarily pleasant is to submit your app to the app store as an app but can only be accessed with a client password. Assuming you can get past the aapp store process this might work for you.
Olie said:
About the only real choices you have are...
Up to 100 devices as ad-hoc distribution.
Enterprize distribution (requires > 500 employees)
Everyone has to march their device down to some IT-central and get built as a "developer" device. (yikes!)
Jail-broken.
But to be clear (correct me if I'm wrong):
if you use the "Ad-hoc" distribution method, your costumers will see the app vanish after exactly 3 months.
only up to 100 devices can be used for testing (i.e. used in "developer mode") and moreover, the app will vanish after 3 months.
So, Apple doesn't give us any choice, are you really big (>500 employes)?? ok so you can do what you want etc otherwise... "byebye"
Moreover, forget about what "Bryce" said before, an app like the one he described would be rejected with the "limeted audience" motivation.
iOS is not for enterprise app....if you don't want to rely on some clever hackers (i.e. jailbreak)
Ad-hoc distribution is limited to 100 devices per app, that's true, but you can add the project n times to the apple developer center, so you can deploy it to n * 100 devices
How does apple ensure that your enterprise has greater than 500 people? I'd give it a go through the enterprise program anyway...
I would not jailbreak, I would not do ad-hoc because it is limited to 100, and I wouldn't make everyone put their phones in developer mode.
For future maintainability, enterprise mode is the way to go, so see if you can navigate your way through the process without mentioning that you might not be quite 500 users.
Also, I saw your comment about developing using MonoTouch. I would talk to Apple about this before you do anything else, because given their recent policy changes I am pretty sure this will get your app denied from the App Store and the Enterprise program.
Edit: I checked the Mono web page. It seems like Apple may still be letting mono apps in, and the Mono creators insist that it is kosher, but you might be running the risk of having your future app pulled from phones at any time.
A better edit: Straight from the mono website: Enterprise MonoTouch
It is important to point out that the new iPhone Developer Agreement terms are for AppStore deployment and not the Enterprise program that allows deployment of in-house application to users in the enterprise (using the Enterprise Deployment program).
So you might be good there as long as you can get into the enterprise program.
You can completely bypass the App-Store or Enterprise Developer Program approval process, if you develop your app as pure HTML5 solution.
This technology is called webapps. And they can be pretty advanced in functionality. You automatically have cross platform readiness and very easy deployment options (as webclip this can be distributed via .mobileconfig configuration files)
See http://www.apple.com/webapps/whatarewebapps.html
There is another solution: an own app store:
http://rhomobile.com/products/rhogallery/
unfortunately only in combination with RhoHub.
Or:
http://www.appcentral.com/
More info:
http://www.apple.com/iphone/business/integration/mdm/
http://www.cio.com/article/638175/Emerging_Tech_Alternatives_to_Apple_App_Store_For_Enterprises?page=2&taxonomyId=3002
In theory the proposed solution of publishing a free app meant for one company is not valid, since published apps in the app store should not be intended for a "limited audience" (whatever that means), according to:
http://appreview.tumblr.com/post/952395621/cannot-be-intended-for-a-limited-audience
Has anyone tried this with success? Any other ideas?
Related
My client needs to find a way to automatically push app updates to a number of iphone 3gs devices remotely. These devices will be in guided access mode so the users will only be able to access the app in question.
I believe we have two option for distribution:
B2B custom app via the Volume Purchase Program
In-house app released with the Apple Enterprise Program
Having researched our options I can see that over the air app updates can be achieved by either:
Building an in-app update functionality to check for new updates (Enterprise only I am guessing?) and automatically update and restart the app
Using an MDM such as http://www.air-watch.com/ (as I understand Apple Configurator must have devices plugged in via USB to work?)
I am wondering if anyone can tell me whether either of those options are possible with the devices being in guided access mode?
Or are there any other solutions, which I have missed, that can automatically manage the app remotely while the device is in guided access mode?
You can solve this with an Enterprise distributed app.
App only. Update check for an OTA-Update from your app when the app is coming to the foreground (or some other metric at your clients leisure, like added time delay, etc). Basically self explanatory; you implement a call to your clients/your API to check the version and inform the user of a new one. The update can either be optional or mandatory (preferably announced by the API and changed when needed); present the user with an alert about it. The user acts upon it and you OTA install via an ITMS link provided by your API call. And that's it.
MDM. Tbh, I'm a bit on shaky ground here. Theoretically this is all possible via MDM too, however I am not sure if it is the (varying) MDM solutions or some misconfigurations, but clients usually seem to lose control after some time.
Both. Yes, you can perfectly well live with both. MDM while everything is fine, and as a backup a well structured App+API mechanism to push the OTA updates out. This is especially useful if you have customers where some departments are under MDM and others are not. So, some may get it via MDM (and if all else fails via the App itself), the rest will get it via the App.
The tradeoffs are a matter of personal preference, if there is a fully working MDM solution in place the update will be pushed out and the user however 'malicious' can do nothing against it. But the same is true for the 'App only' solution, as you have the option to not let him use the app if he does not update (either by not providing a cancel button or, as you are in an enterprise environment and there it is allowed doing an exit(0)).
From experience I prefer any solution that has the 'App only' option as it is the last fallback if anything on client side fails. Whatever may be added on top is just sugar to the cake.
While not strictly relevant, the 'App only' solution always goes well with Push Notifications when an update came out.
We have an application which will be used only by customers nationwide and for this reason we do not want to put the application on appstore. Shortly we want to publish it on one of our servers like a zip file then the customers will connect to that server and download the application. Yesterday when I called to apple support, one of the customer represantatives said to me that this is not possible even if we choose the enterprise license. But today I found a link which it says it can be possible. http://developer.apple.com/library/ios/#featuredarticles/FA_Wireless_Enterprise_App_Distribution/Introduction/Introduction.html
Now, I want to know that is there anybody had same problem in here? What are the differences between enterprise license and company license? And the most important is that how can we do what we want to do if it is possible?
It's not officially possible.
You could try Enterprise distribution as others have mention, though it's not designed for distribution outside your company. I'm not saying it will happen, but if Apple find you're doing it they might close your developer account. I've never heard of that happening; only you can decide whether it's an acceptible risk.
Apple would say that you should put the app in the App Store. Unless Apple would reject your app I don't see why this wouldn't work. You don't have to make it easy to find and you don't have to make it cheap.
You can limit it to your customers by requiring a log in. Many, many apps do this, from Salesforce to Skype to Twitter.
Your options are:
Use solutions like TestFlight (free AFAIK) and HockeyApp (paid
service / 1 month free trial) which use UDIDs for app distribution - they
allow seamless ad-hoc distributions.
Use Apple's corporate license ($99/yr) + enterprise license
($299/yr) at the same time and use the latter to distribute your
betas/products without managing UDIDs (i.e. anyone with a link to
your server can install the app, but you can introduce serial numbers etc.).
NOTE: using enterprise license obliges user to not share the app
outside the company, but most companies breach the license agreement
(sharing the apps outside company is not traceable AFAIK).
If you plan to distribute your app outside App Store, option 2 with enterprise license is a way to go, but mind the license agreement on other hand.
The Apple representitive was wrong.
With an enterprise account you can sign an application using an enterprise distribution certificate and provisioning profile, which lets the app run on any device with no restrictions.
You can also use Over-The-Air distribution which lets people install the app through a simple http link in Safari (for example).
We use this a lot at my workplace. We have hundreds of people around the world using our (private) apps, all installed via safari.
The standard Corporate license only lets you manage a maximum of 100 devices on your developer account, but if you take this route you can still use Over-The-Air distribution with an ad-hoc distribution certificate/profile. But you have to manage each device id yourself.
If the cost of the enterprise account is not too much for you, that is definitely the route to take.
It's like Apple said, not possible.
You can add device to the ad-hoc profile, this will allow your app to run on 100 device maximum.
You can use the Enterprise license but you will still need to register the device before the app can be installed and there is still a a maximum.
See the comment of Mike Weller.
Mustafa
you can generate your OTA(Over-The-Air) file in which you set your appropriate profile(with client`s UDID) and send that link to your client and easily provide your update.with using little bit help of your web-developer.check here.
hope this is helpful to you mate...
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
I work for a company that would like to create an app that we can distribute to our customers. We manufacture industrial equipment and we would like to provide an iPhone/iPad app to our customers that can interact with their equipment.
The problem is that we would prefer that the app not be downloaded from the App Store. We would like for this application to be available for our customers free-of-charge and would also like for them to have the ability to download and install the application on as many devices as they desire. However, we do not want non-customers (ahem, competitors) to be able to download and use our application.
What options are available? We have considered allowing the app to be available through the app store but in that case the app would be locked until the user entered an application key. This would keep the app free to download and it would give us the ability to control who could use our software. I'm not sure, however, if that is allowable by the Apple TOS.
The Enterprise license sounds like a potential option. If it is, what are the specific steps necessary for installing an iOS app on an Apple device if not through the App Store? I'm also not sure if it would break the TOS to distribute our app for this purpose under the Enterprise license. Is that the case?
What options do I have? Please realize, I don't own a Mac and I've never even attempted to write or distribute an iOS application-- I'm 100% new to all of this. Thanks for you help.
EDIT
Thank you all for the wonderful responses that I have so far received. Half of the questions that I have stem from the fact that I can't find the actual TOS agreement that I would have to sign if I became a standard or enterprise developer. (Yes, I've googled it.) Does anyone have a link to such documents?
If you want to distribute your app outside the App Store, you need to get an iOS Developer Entreprise license ($299/year). You're going to need a Dun & Bradstreet (D-U-N-S) number to enroll and can only deploy to 500 (registered) devices.
Edit: Another option would be to demand the user some authentication (such as user/pass) to use the app (think Facebook or Twitter). You could provide your clients with the credentials to ensure only a certain users have access to the app.
I think #ibeitia's answer is the best one, but here's an additional option: put the app on the app store, but make it all-but-useless without a login to your server.
For example, the Google+ app is useless unless you have a Google account.
You'd have to give a login to Apple so they can vet it, and of course I can't guarantee they'll allow it, but it's an option I'd consider.
(If you do go down that route, send an email to Apple's approval team asking for clarification before you start development!)
I work for a company that would like to create an app that we can
distribute to our customers.
From http://developer.apple.com/support/ios/enterprise.html (bold is mine)
I am a developer who wants to create an in house app for my client.
Can I join the iOS Developer Enterprise Program to do that?
The iOS Developer Enterprise Program should be used to develop and
distribute proprietary in-house applications to your own employees
within your own company. As such, your company would not qualify for
direct Program enrollment in this situation. We would suggest that
your client apply for enrollment in the Program, and, once enrolled in
the Program, your client may add the appropriate developers from your
company to their iOS Development Team.
The Enterprise Developer program doesn't allow you to sell your app to your customers. It's the customer, not you, who should enroll in the program.
I think your best bet will be to use Apple's B 2 B program:
http://www.apple.com/business/vpp/
This will allow you to have apps in Apple's business app store (not the ordinary app store), and control who gets the apps. You'd provide the redemption codes to your customers.
btw, I can confirm that providing an app with a login to make it useful would be okay with Apple - I've done it before.
Well your options are really limited.
You could go with the enterprise license but this is still limited to 500 device which still need to be register with the some how. (never had to work with the enterprise license).
But could you not make your app available in the appstore foor free but only make it work with you equipment. Thus make the app search for the equipment (via bonjour of wifi) and only work when it finds the device. This will make getting the accepted a bit harder but will work. There are some IP camera manager that work that way.
If your competitors really want your app they will get it one way or an other.
Just be sure you release an app before the competitors, do that way your company has the advantage.
Is it possible to automatically force an update of all installations of an iPhone app without requiring interaction from the users?
According to this thread it is impossible to do so for apps deployed on Apple's public app store, but another more recent thread describes a way to at least inform users of updates, but still forces them to take action manually. With the Enterprise Program becoming available to most companies now (the requirement of 500+ employees has been dropped) can we hope to achieve it with the Enterprise Program?
The reason I'm asking is that automated push-updates of applications are a common demand and indispensable requirement by many businesses that use mobile devices. Blackberries have always won over iPhones in the past, because they had this feature while iPhones did not. Has the situation changed now?
Update: Apparently, there is another problem. Apple has a limit on the size of app downloads of 20MB over GSM which to my understanding also applies to deployment within the Enterprise Program. Unless all users consistently have access to a WiFi connection, this is another limitation that needs to be taken into consideration.
Update 2: I have submitted a feature request to Apple. Maybe it helps to expedite the improvements.
I don't believe you can force an update, though you can:
Remotely disable an existing app, if urgent, and
Design your app such that when it is outdated it alerts the user and provides a one-tap link to download a new version (technically two taps, one to load the web page with the app and one to install the new version).
It's not the ideal system you note would be so helpful, but it's an improvement over the earlier system where users had to sync with iTunes at a desktop/laptop in order to perform the upgrade.
I'm a first time iPhone application developer and I'm developing application for my client who wish to distribute this application to a group of people related to his business only, and as FREE application only. This is such an application which is not meant for general users so we definitely don't want this application is publicly listed in Apple AppStore, rather we want to distribute application to group of people privately. Just like sending them a link to download application via email or something. They click on it and application get downloaded. But in Apple I read that two programs are available like Standard Program and Enterprise Program. The standard one will list application publicly which we do not want, and enterprise programs looks compelling for enterprise users connected to MS Exchange server which we do not posses and not even wish to setup because its not needed.
Can any one help me answer following?
1. If we go with Standard program, how can we restrict application to be visible via some AppStore link ONLY and we will send that link to our users via email.
2. If we go with Enterprise Program, can we do a simple setup over our Apache+PHP+Linux environment i.e. without involving MS Exchange server.
Thanks,
Sameer.
One way around this is to submit your application to the App Store, but put it's availability date in the future.
Then, you can create promo codes and send them to the people you'd like to be able to download your application, but it won't show up in the store.
If you do it this way, you don't need to know anybody's UDID, but you're limited to 50 people per version of your application.
If we go with Standard program, how can we restrict application to be
visible via some AppStore link ONLY
and we will send that link to our
users via email.
It is very simple: You can not. You can either manually distribute the App through AdHoc distribution (for this you will need the UDID of every single iPhone the app will be installed and afaik the the license runs out every year and needs to be renewed) or post it to the AppStore publicly but restrict access to your application by using an authentication within the App itself.
If we go with Enterprise Program, can we do a simple setup over our
Apache+PHP+Linux environment i.e.
without involving MS Exchange server.
Afaik I think this should be possible as you basically are just doing a huge AdHoc distribution, but without Exchange Server it might get a pain as you will probably also need the UDID. Yet honestly I never took any closer look at this program.
You can setup the app to require a password or hot corner when first run.
The Enterprise Program is your only viable option for a native iPhone App. Re-read the program details. It's exactly what you want.
If you deploy your App as a Web-App, you can skip this and simply deploy on the company website, so if you don't need native iPhone options, this might also be a viable way to deploy your program.
-t
You will need to qualify for the Enterprise Program: you'll need a minimum number of employees and a DUNS number. Read the Enrollment document for more information. Your situation (as described) does not sound like it qualifies.