Making sense of Apple’s enterprise app distribution changes

For in-house apps, Apple is now pushing the Custom Apps program (formerly the B2B program) as an alternative to enterprise-signed apps.

Now that iOS 13 has become the new standard in enterprise environments, it's time to take a look at some of the new features that were announced at WWDC.

One of the features that is finally in the wild is the ability to use Apple’s Custom Apps program to distribute in-house enterprise apps to your own internal employees. “Custom Apps” is the new term for Apple B2B app distribution platform, and you’ll still hear many people using that term.

All about Custom Apps / B2B

So, what is Apple Custom Apps distribution (or B2B, if you prefer) anyway, and what makes this change an exciting one? To fully understand, we have to talk about the beginnings of the B2B app distribution program.

In 2012, Apple created a way for developers to distribute their applications to specific customers through the App Store, and charge accordingly via the Volume Purchase Program. The process was simple:

  • Develop the application
  • Upload it to the App Store
  • Apple scans the application
  • Developer specifies the Apple ID of the customer organization
  • Customer logs into their VPP portal (now Apple Business Manager)
  • App is then available for internal distribution

This process was great for companies that wanted custom-branded software from known app developers. It also allowed the developer to maintain the rights to the app, and the ability to update the app as needed. In turn, this made custom app distribution easier and far less risky to both customer and developer.

As Apple devices became a mainstay in the enterprise, the demand for custom business apps increased. This meant that enterprises were obtaining their own developer licenses using the Apple Developer Enterprise Program, building their apps in-house, and trying to determine the best way to test, sign, distribute, and update them. This could be challenging, at times.

Testing is always a chore for organizations, due to the complexity of ensuring that the app is ready for prime time when it gets distributed. And, as anyone that has utilized the Apple Developer ad hoc distribution method knows, this can be time consuming when you have to register the test devices’ UDIDs to allow them to install and use the app, not to mention that there’s a 100-device limit.

Signing apps and dealing with updates and app expiration was also a challenge when distributing enterprise-signed, in-house apps. This also meant using an EMM platform to install the enterprise-signed, in-house apps and push updates. This brought challenges on unmanaged BYOD devices.

Enter in-house apps via Custom Apps

This brings us to Apple’s most recent changes: Companies can now use the Custom Apps / B2B program to distribute apps to their own organization, something that wasn’t allowed before.

These changes were first noted in an article by Josh Wisenbaker in 2018. (Josh works at Jamf, and has a background with NoMAD and Apple.) He prophesied that this change would have the potential to alleviate the problems enterprise app developers had with getting app metrics and proper testing for the latest iOS versions and security patches, among other notable inconveniences for enterprise app developers.

In 2019, Apple formally announced the change, and outlined everything in the WWDC session, App Distribution – From Ad-hoc to Enterprise.

This new method allows internal app developers to use tools like TestFlight and App Store Connect for Custom Apps. These tools were previously only available to customer/consumer-facing app developers. The use of the Custom App distribution looks to eliminate the previously stated issues we had with developing and distribution of enterprise apps. It also eliminates the yearly expiring distribution profile which many of our internal app devs never seem to keep track of until it’s too late and the app stops working.

This program will also help keep your internal apps compliant with the latest iOS requirements. For example, many app developers will remember and cringe at the mention of 32-bit to 64-bit app conversion. With this new program, there would be plenty of notice and documentation around the changes required to support the new iOS versions, as well as rejection of Custom Apps that did not fit the new requirement.

Pros, cons, and considerations

There are many different aspects of Apple’s Custom Apps program to consider:

  • It requires you to submit the custom application to Apple to get it tested and approved for distribution. This means that your new app has to meet some strict guidelines from Apple. These are the same for all apps, and include checking for broken links, buggy software, and substandard user interfaces. 
  • Apple enforces Apple Business Manager as a means of distributing your Custom Apps. This means you will need to sign up for this service or migrate from the old VPP to ABM. One of the great things about owning the distribution is that you can push the application to your EMM solution; in BYOD situations you have the ability to send out a single use code to your employees.
  • The app review can take one to two business days to complete. This means that if you have a break/fix issue there could be a delay before you are able to publish a corrected version. In the event of a bug fix, there is the possibility of getting the app review expedited, but you must also submit the steps to reproduce the issue. This is new for most app developers that only create Custom Apps.
  • Apple also requires that the apps meet the authentication requirements laid out in their security framework. What this means is that you will have to create dummy data and test accounts to allow Apple to login and test the app functionality.
  • Once your app is approved it is then available in your ABM instance for distribution. 

What is not quite clear, though, is whether certain apps related to taboo subjects or organizations will be allowed. The list of prohibited topics includes apps related to consumption of tobacco, vaping, other controlled substances, gambling, and firearms. So, if you work at a company that participates in these activities legally, does that mean you can't make an app for distribution for your employees?

One of the other questions that should be on everyone's minds is the impact to future app development for Apple devices. It is plausible to think that Apple, in their attempt to offer the highest quality experience for their consumers, will begin to eliminate or at least limit the ability to sign and distribute apps through any other means.

This has already happened to a degree on the Google side. In order to have your custom app distributed to Android Enterprise, you must upload the app into managed Google Play. It goes through a security scan, and then you have the ability to assign it to the work profile on Android. If you want to self-host your app and avoid the scan, then there are limitations around how it can be distributed in Android Enterprise.

The release of the Custom Apps addition to ABM seems promising from an app integrity standpoint. The conversion to the new ABM portal has to occur before these features can be used but it's a pretty painless process for the most part. Apple has certainly come a long way in their support of the enterprise and this is a great example.

Dig Deeper on Mobile operating systems and devices

Networking
Unified Communications
Security
Close