Alternative solutions for in-house iPhone enterprise app distribution

Question

A client has asked us to develop a proprietary in-house app for managing their back-end systems. However, we are a small development company and I\'m certain that their comp

Answer 1

Another obvious although not neccesarily pleasant is to submit your app to the app store as an app but can only be accessed with a client password. Assuming you can get past the aapp store process this might work for you.

Answer 2

In theory the proposed solution of publishing a free app meant for one company is not valid, since published apps in the app store should not be intended for a "limited audience" (whatever that means), according to:

http://appreview.tumblr.com/post/952395621/cannot-be-intended-for-a-limited-audience

Has anyone tried this with success? Any other ideas?

Answer 3

You can submit the app as a completely free app on the AppStore but require that the user log in and authenticate to use it. That way anyone can download it but you control who can actually use it. Apple does all the distribution for you for and you don't have to worry about Ad-Hoc deployments or IT departments.

You then build a really simple configuration management system on a web host (or platform like Google AppEngine) that manages the authentication of apps.

When a user launches the free app they are asked for a username/password/whatever. That information is sent to the web-based configuration management system and confirmed. If the app receives an acceptable confirmation from the configuration management system it unlocks itself for use by that user.

The app can either re-authenticate every time it launches (useful if you want lots of control) or it can store a key file locally indicating that it has been authenticated. If it sees the local key file when the app launches it considers itself authenticated and never checks again.

Whether you use one user account per person or one for the whole company is up to you.

This style of distribution is very useful if you want to have control of who can use the app but want the ease of deployment that the AppStore provides.

Apple has accepted many apps onto the AppStore that use this method of authenticating against a remote server (Skype is a perfect example).

If you keep track of device UDID on the configuration server you can also pre-load it to allow a certain set of devices to work.

Further, nothing I have described is iPhone specific so you can use the same configuration management system and concepts on other platforms like Android (or even desktops) if you ever port the app or build other apps needing this in the future.

Also, since the action of authenticating devices is not processor or data intensive you will likely never incur a cost if you build this on Google AppEngine as you will never go over the free quotas and you will gain the stability and scalability of Google's backend architecture.

As this particular deployment is for managing an in-house back-end system deploying it through the AppStore can seem insecure because there is proprietary information embedded in the app, in particular the information that allows it to connect to and authenticate against the back-end systems.

The solution to that is to not include this information within the app and simply have that information be part of the response that the app receives from the configuration management server. Basically the app contains the logic necessary to perform its function but without the connection information it has no ability to manage any back-end system.

If you make the app authenticate every time it launches you can change the connection information on the configuration server and the app will update to the new information without any new deployment being necessary. The user just needs to restart the app. This gives your client the flexibility to change their internal network configuration without invalidating your application code. You could also make this information manually configurable within the application but then you incur an IT cost when setting up the application on each device and if you already are going to set up a configuration management system you might as well use it.

To further secure the above solution you may want to have the configuration management system be in-house and behind the company's firewall so that regardless of who gets a hold of the app they cannot connect to the config system unless they are within the company's network.

Answer 4

About the only real choices you have are...

• Up to 100 devices as ad-hoc distribution.
• Enterprize distribution (requires > 500 employees)
• Everyone has to march their device down to some IT-central and get built as a "developer" device. (yikes!)
• Jail-broken.

Jail-broken may sound scary, but it's actually pretty advanced, now-a-days, and can be managed quite easily. Still, it voids your warrantee (unless you're willing to restore-to-factory and be not-honest about it ;)

Still, technically, it's an available option and can be made to work, if you're willing to plan it out.

Let us know what you decide, and the pros & cons of that method.

Answer 5

There is another solution: an own app store:

http://rhomobile.com/products/rhogallery/

unfortunately only in combination with RhoHub.

Or: http://www.appcentral.com/

More info: http://www.apple.com/iphone/business/integration/mdm/ http://www.cio.com/article/638175/Emerging_Tech_Alternatives_to_Apple_App_Store_For_Enterprises?page=2&taxonomyId=3002

Answer 6

Olie said:

About the only real choices you have are... Up to 100 devices as ad-hoc distribution. Enterprize distribution (requires > 500 employees) Everyone has to march their device down to some IT-central and get built as a "developer" device. (yikes!) Jail-broken.

But to be clear (correct me if I'm wrong):

1. if you use the "Ad-hoc" distribution method, your costumers will see the app vanish after exactly 3 months.
2. only up to 100 devices can be used for testing (i.e. used in "developer mode") and moreover, the app will vanish after 3 months.

So, Apple doesn't give us any choice, are you really big (>500 employes)?? ok so you can do what you want etc otherwise... "byebye"

Moreover, forget about what "Bryce" said before, an app like the one he described would be rejected with the "limeted audience" motivation.

iOS is not for enterprise app....if you don't want to rely on some clever hackers (i.e. jailbreak)