Since Apple Business Manager, Enterprise Apps Are Difficult
Enterprise App Distribution in 2019 and Beyond
Over the past few months, a lot of our corporate clients are having trouble with their iOS apps. If they use the App Store (or Volume Purchase Program), they are fine. But if they publish apps themselves using a website and the Enterprise Distribution Certificates, they are no longer able to get their apps.
It’s happened with 3 clients already. I’ve also heard from other companies (who are not clients) that want us to help them out.
Last year, Apple started Apple Business Manager (ABM) as a place device management and corporate distribution. It is taking over from VPP and DEP. I’ve spoken with many companies that are confused with how to handle this.
In the past, we distributed corporate apps in 3 different ways:
- Volume Purchasing Program (VPP)
- Enterprise Distribution
- Mobile Device Management (MDM)
- Plain ol’ App Store apps.
Last year, I released a video outlining the differences between App Store apps and Enterprise apps.
Releasing to the App Store is the easiest. As long as you have a secure login, you can make it available to anyone but only those with a login can access sensitive data. We ask our clients to set up their own Apple AppStoreConnect accounts and grant us access using “Users and Permissions” (never give away your password). This is usually what I recommend as it is the easiest to maintain.
VPP was the next easiest (and is not replaced with Apple Business Manager). It allows companies to provision devices and purchase apps for their employees. We (or whoever the developer is) can release the app on our own app store account but only people who are part of a company with ABM can see it.
Enterprise Distribution used to be much easier. In this case, our client has an Apple Enterprise account and generate provisioning profiles for the enterprise. This bypasses the app store (and reviewers) altogether. So, we have clients with apps hosted on websites (internally or externally) and users need to trust their apps in settings under “Device Management” (which has been removed since iOS 12.3. This is where most of our current clients have problems.
Mobile Device Management is an easier solution. It allows companies to distribute apps to their own employees. One of our clients uses Microsoft InTune (https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/microsoft-intune) for this— but there are many others.
The mobile platforms are always changing.
It always struck me that the Enterprise Distribution route was something Apple didn’t like. It was complicated to re-release each year as the provisioning profiles expire (something that doesn’t happen on the App Store). I think the lack of reviewers and Apple oversight is something they just couldn’t live with.
Our recommendations for any company having problems with their enterprise apps since the launch of ABM is simple:
— Publish it publicly to the App Store with strong in-app authentication.
— If you really need it private and invisible to the world at large, get your company on ABM, add your devices, and get your developers to release it to you only.