During WWDC 2019 Apple already hinted at a new preferred method for distributing inhouse developed iOS and iPadOS apps. This year at WWDC 2020 Apple dedicated a full session on this topic. If you find this topic interesting you can find the complete session here, the session is a 22 min watch and very clear.
If you are familiar with distributing inhouse apps within your organization, you understand terms like Distribution Certificates and Provisioning Profiles. In essence the company that wants to distribute inhouse developed apps to their end users and want to keep the app internal (instead of using the public app store) need to have an Apple Developer Enterprise Program account. With this developer account you can create a Distribution Certificate to sign your apps. This is needed to get apps to run on an iOS and iPadOS device (the certificate is chained to Apple’s Root Certificate). You also need to create a Provison Profile to distribute together with your app. A Provisioning Profile is valid for one year, so every year you need renew this (which often is a pain and also forgotten).
Besides this yearly renewal process also creating a new version of the app is a manual process, you need to distribute this to your end users and get them to update to the new version. This mostly results in different versions in use because some end users will not update. With Custom apps there is new method for deploying inhouse apps for iOS and iPadOS. This year Apple even states it’s their preferred method for distributing internal apps. A quote from the WWDC session, where this is explicitly stated:
“Historically enterprise app distribution was the only approved path for internal deployment. The Custom app process includes the benefits of TestFlight and app review and is now the preferred path for internal deployments..”:
Custom apps work on Apple Business Manager (or now also Apple School Manager, this is announced this year). With Custom Apps there is no need for the yearly renewal of Provisioning Profiles because the Distribution Certificate will not expire. You can also leverage update control to devices (through your MDM solution) including automatic updates on devices (this uses the same automatic VPP app updates already build into most MDM solutions for public apps).
App Store Connect
To use Custom apps you need to change Developer accounts. Instead of the aforementioned Apple Developer Enterprise Program you need a normal Apple Developer Account. The first step is to request this account. When enrolled, the process for publishing your apps is performed in Appstore Connect. This is the same environment as publishing apps to the public store. Take some time to get used to this environment, it’s a little bit more involved.
The app development process is structured from Appstore Connect. When the app is finished you can distribute the app as a Custom app. You do this by selecting ‘Available for private distribution to specific organizations on Apple Business Manager or Apple School Manager’ in the Pricing and Availability section in App Store Connect.
As shown in the screenshot (on the left side of this article) you need to provide the Organization ID and Name of the Company that needs to receive this app. This is the best option for a third-party developer to develop an app for a company for internal use only. Pricing of the app can be done through this process and be based on licenses. The developer can add as many Organizations as needed, using this process. And the app will only be available to those companies and not in any way visible in the public store.
But for Enterprises, that have their own internal development team, and develop apps for internal use only, the exact same method can be used. In WWDC 2019 it was announced that Organization ID and Name, that are provided in this process, can be the same as the Organization that holds the Apple Developer Account. This process is called B2B2ME. It is a Business to Business process (process from developer to a Company) but leveraged to assign the app to yourself (ME). And in this process use the benefits that are available for this distribution method.
When using this B2B2ME process keep in mind the app you are submitting needs to go through the App Review process. Make sure that if your app requires authentication, Apple gets a demo account, or make sure a demo mode of your app is available so Apple can perform their vetting process. Also provide sufficient metadata and screenshots of the apps and provide clear review notes when submitting for app review. This part can be frustrating, in the beginning, as you figure out what Apple wants from you and also understand what is allowed but eventually it can help adoption of your app because this vetting ensures the app is Apple approved ,meaning security vetted and checked for quality. Another nice feature when using Custom Apps is you can use Test Flight for Beta Testing and you can select test users by sending invitations via email or a public link.
Steps in Apple Business Manager
In Apple Business Manager make sure in Setting, Custom Apps is enabled. This is needed to see the Custom Apps Section. In the Settings you can also find the Organization ID and Name that needs to be used when distributing the app from App Store Connect -> second picture left of this article.
When an app is assigned to your organization from App Store Connect you can find the app in the Custom Apps section in Apple Business Manager or Apple School Manager and use your MDM solution to distribute your apps to your end users as you do with other VPP apps (devices based licenses is also supported to get the apps to devices without a need for an Apple ID on the device).
Conclusion
In this post we detailed the steps needed to use Custom Apps to distribute inhouse developed apps to your end users for internal use only. When using this method there is no need to yearly renew your Provisioning Profile and you can use the advanced app update features. Besides that, Apple explicitly mentioned this is their preferred method so take this into consideration, it might be, Apple will announce in an upcoming WWDC, that the Apple Developer Enterprise Program gets deprecated.
