In 2020, when a surging pandemic and safety protocols shuttered many offices, we were among the IT firms to switch entirely to remote work. We adapted to its rhythms almost instantly, logging into work like clockwork, collabing over Zoom and Meet, and diligently meeting deadlines and release dates. Access to internal systems and data was something to be ironed out. An in-house mobile application became the need of the hour. Building the iOS app was no sweat but the distribution path wasn’t so clear-cut at first.
I’ll soon explain how we sorted this out.
Distribution Options
There are many ways to distribute Android apps internally compared to iOS apps. In the case of Android, distribution and installation on any device can be done through a .apk file. A similar approach is not possible in iOS due to security restrictions imposed by Apple through code-signing. The App Store, which is intended for the general public, expressly prohibits the submission of an application for internal purposes. This left us with three options:
- Use ad hoc builds
- Use TestFlight to distribute builds as you do for beta testing
- Use Apple Enterprise Program
Ad hoc builds require you to register UDIDs of iOS devices to ensure they are code-signed properly, failing which the app cannot be distributed or installed. This has a lot of practical difficulties especially when you have many employees using their own iOS devices.
Testflight caters to a wider audience and is much easier to distribute builds, but it has its limitations. You can have only up to 10,000 beta testers and the build is active or valid only for 90 days, post which you would have to upload another build. Users would have to keep downloading from TestFlight every 90 days.
Then we have the Apple Enterprise Program that allows organizations to distribute proprietary apps to their employees. This is the go-to option for most requirements that need in-house distribution. Organizations have to pay $199 a year to access the program.
We were about to get the ball rolling on this when we came upon Apple Business Manager.
Apple Business Manager
Apple Business Manager (ABM) allows enterprises to deploy and manage Apple devices through a web portal. An enterprise version of Apple School Manager, ABM allows IT managers to smoothly enroll devices, purchase app store content, control settings, etc., centrally. The free program has expanded in the last year or so and it is now the recommended option to distribute proprietary applications within organizations. Prior to this, Enterprise app distribution was the approved path. But Apple Manager extends the benefits of TestFlight and App Review through Custom Apps.
Custom apps help developers to distribute apps to a specific customer or a group of customers, in a private App Store kind of way. This means the app is only visible to the people or organizations that you allow.
“The Apple Developer Program allows you to distribute public apps on the App Store, beta versions of apps through TestFlight, and custom apps to specific businesses, including your organization, through Apple Business Manager or Ad Hoc distribution. The Apple Developer Enterprise Program is only for specific use cases that are not addressed with these options.”
At WWDC 2020, Apple gave developers some details of the distribution of in-house apps to employees, business partners, etc. And something about custom apps through Apple Business Manager caught our eye.
“And because these apps come from the App Store, the distribution certificates don't expire. This is an important distinction for developers who are familiar with Enterprise distribution and the requirements to renew distribution certificates on a regular basis. With custom apps, you can focus on enhancements and features for new versions of your app, not certificate management.”
Ok, now that we knew Apple Business Manager and Custom apps were the way to go, we decided to look at Apple Business Manager in detail. Surprisingly, very little information was available in the public domain. We went through the whole process, from enrollment on ABM to app store submission and distribution on our own.
I’m sharing the whole process here hoping it would be of some help to you.
First and foremost, either you or a partner must be enrolled in the Apple Developer Program. Once your app is ready, the process you follow is similar to that of App Store submission. Even if your app is meant for internal distribution, it will go through the same App Store review process and is subject to the guidelines set by Apple.
Next, you need to have access to the Apple Business Manager.
1. Enrolling in Apple Business Manager
To enroll in the Apple Business Manager program, go to www.business.apple.com. You will have to provide details of the organization, including the D-U-N-S number, which will be verified by Apple, as well as contact information. The review process may take up to five days but this can vary.
Once your organization is approved, you will be able to sign in to the portal. You can set up users with different roles. Apple IDs that are already part of a developer program team cannot be used here, so use a separate Apple ID.
2. App Store Submission
Once the app is ready for distribution, create a new application on App Store Connect (formerly iTunes Connect), fill in the necessary metadata, provide required screenshots, etc., as you would do for regular App Store distribution.
The difference is mainly in the Pricing and Availability section of the app. Instead of checking the option to distribute the app through the App Store, check the option “Available for private distribution to specific organization(s) on Apple Business Manager or Apple School Manager.” Now you can choose to either make it available to different organizations or individual users using Apple IDs.
If you are looking to distribute the app to your employees, choose the former option. And when you do, ensure that the Organization ID and the Organization Name you provide here are the same as the ones shown on the Apple Business Manager portal.
Now go ahead and submit the application for approval. It could take anywhere from a few hours to days for the approval process to be completed.
If the application is rejected for some reason, check the reason, rectify as appropriate, and resubmit. If your app is approved, its status will change to “Ready for Sale.” Now your app is ready to be distributed. But how? Will the application show up on the App Store for employees to download? No, because this is not a public app. This is where Apple Business Manager comes into play.
3. Distribution Through Apple Business Manager
Apple Business Manager provides you with a means to distribute your internal applications to your employees either through an MDM or through redemption codes. Before you can do that, ensure that the “Custom Apps” settings are enabled on your Business Manager account.
It could take a day or two for your application to show up on the Business Manager portal, so don’t panic if you don’t see it right away. Once it does, it will appear on the “Custom Apps” section on the side panel.
The License Type dropdown in the Buy Licenses section gives you two options: Managed and Redemption Codes.
You should go for the “Managed Licenses” option if you want to distribute through an MDM. Since our app was for employees with their own devices, we used the “Redemption Codes” option. You will be able to specify the number of redemption codes that you want in the “Quantity” field and get the resulting codes for distribution.
Once you have done this, you will be able to download the codes as an Excel file.
This file has all the basic information related to the application, such as Product, Purchaser, Codes Purchased, Codes Redeemed, Codes Remaining, etc. You will also have a list of codes and code redemption links to redeem those codes. A code redemption link would look something like this:
https://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/freeProductCodeWizard?code=YOUR_REDEMPTION_CODE
You can share the links with different redemption codes for your employees. Upon clicking the link, users will be asked to install the iTunes Store app if they don't already have it on their devices. Then they will be able to redeem the code and install the application on their iOS devices.
When a code is redeemed, the Excel sheet would have a text saying “redeemed” in the field against the Code Redemption Link instead of a link.
While this is convenient and free, one of the major problems with this option is that there is no way for you to know if a code is redeemed without you downloading the Excel sheet from the Apple Business Manager portal. Apple has not made available any APIs to check whether a redemption code is valid or not. And with only the download option available to you, the onus is on you to come up with a solution to provide these codes and installation links to your employees. There are many ways you could do this, it's just that the lack of an API from Apple makes it long-drawn-out. But hey, you now have the means to distribute Apple-verified apps to your employees without any additional cost. So no complaints!
