iOS: Migration from Enterprise to Private Distribution

Roadmap for app distribution on AppStore and not only

Beginning of a story
The entire story began in September 2022 when Apple Co. declined our request to renew our Apple Developer Enterprise Program.
We attempted to contact them through phone, email, and the Developer forum, but unfortunately, we were not successful. The minimum requirement of 100 employees was unalterable and could not be exceeded. Previously it was not a problem but now European and US offices are more strict as ever.
Whole program description can be found here. And that lead us to…

made with iloveimg.com

---

Our setup
- We possessed a signed IPA file for Enterprise distribution and utilized an MDM service with customer groups to facilitate installation, updates, and other operations on phones.
- The devices we provided did not have constant Internet connectivity, lacked Apple ID credentials for sign-in, and were unable to access mail services.

Hacky ways
- TestFlight — requires users to log in with their Apple ID in order to install the app for regular testers and customers
- TestFlight Beta testers — can only receive app invites via email, and there is a limit on the number of users
- AdHoc — has a limit of 100 devices. To overcome this limitation, we had to divide the app into separate versions, and each time a new device was added, the Provisioning Profile needed to be updated. (
- To submit the app as a public app, we needed to implement restrictions based on the device and region

---

This is the way
After researching a little bit more we’ve found out an update Apple Documentation regarding Managing your app’s availability which is very gratefully describes all available distribution methods:

- Apple public distribution with AppStore link available from Search or directly. Not for us. App will be available for everyone, need Apple ID.

- Private distribution: app will be available only on Apple Business Manager or Apple School Manager to specific businesses and organizations that you specify in App Store Connect.

Apple Business Manager is a powerful distribution tool on it’s own but docs are lacking of info. The only helpful one was from UK links Guide and it’s at least telling who are we dealing with. Basically it’s an service to distribute Apps and books with licensing system to specific customers. Our MDM service have a setup to sync with it and load apps to the existing users.

If you like to know more:
- Distribution methods comparison

made with iloveimg.com

This spectacular info gave us a vector to plot a path to our customers. We are keeping the MDM service for old users and adding new one to ABM via link. At least this seems valid and correct finally.

---

First obstacles
After following enrolment steps from same cool UK Guide — it were clear that adding new devices is challenging.

Currently only 2 options available:
- Buy from Authorized reseller (not working for old customers)
- Add manually via Apple Configurator 2 (we can’t do that, devices are unreachable for physical connection)

That brought us some concerns — how to use current list of devices in our MDM. After linking the ABM to it — we’ve spotted that purchased free apps are appearing in the list in MDM. That part is not very clearly documented, but in general we were asking about a way to add existing devices to ABM and not about VPP workflow.

That was a gasp! We’ve decided to go with Unlisted Distribution for our organization only. App will be private and have a link which is not going to AppStore (it’s even based on a domain differrent from https://itunes.apple.com/app) but will lead to internal store. Setup is pretty straight:
- Prepare the app acording to AppStore Review Guidelince if it haven’t been done (now we have to be strict to what app declares and does and match AppStore Review Guidelines. We did before but now it’s truly checked and if you were only distributing via Enterprise that might bring some headache)
- Create app info in AppStoreConnect
- Set Private Distribution in Availability section to distribute to our app only
- Submit for Review
We’ve got a link to Custom App and were happy ) Well… For a while )

---

Path of Mystery
But since we’ve already pretty deep in ABM — getting a longterm solution would be a great step!
Newly added 3rd point: Unlisted distrubution which provides a way to install an app for non-managed devices and were a great way to promote it for some partners. We only had concerns about the privacy and that link to our app will be visible to everyone, like public shared. By tweaking the Authorization — that was closed. Extra credentials have never been a bad thing.

Since moving to Unlisted of non-public app is not possible (that was not mentioned in first version of the documentation):

If your app is currently distributed privately to specific organizations through Apple Business Manager or Apple School Manager, you’ll need to create a new app record in App Store Connect, upload your binary, and set the distribution method as publicly available on the App Store before submitting your request.

a new app must be created!

With simply copying app info from the Unlisted Distribution and setting publicly available flag — all were done. After that: we need to simultaneously move the app to review and submit a request for this distribution! Be aware: if all fine — you will get a reply for request:

Dear Developer,

Your request for unlisted app distribution has been approved. As a reminder, unlisted apps are not discoverable via traditional search methods on the App Store. You can distribute your unlisted app by sharing its direct link in the App Store which can be found in the Pricing and Availability section of App Store Connect for this app record. The app will be available to anyone with the direct link, so we suggest having a mechanism to prevent unauthorized users.

If the app is currently in a rejected or unapproved state for any guideline rejections not citing 3.2, we ask you to either follow the guidance from that previous communication or respond to App Review directly in Resolution Center (within App Store Connect) to address any remaining issues. Once approved, the app will become available for unlisted app distribution.

Review team will now know that app will went into unlisted distribution.
In a while app will be approved and distribution info on AppStoreConnect will be changed to Unlisted with link provided. You can’t get a link or force an update og distribution section on your own!

After releasing by Developer or if you set an automatic release it will propagate to AppStore and that link can be directly inserted into ABM/VPP section.

---

Conclusion
Non-ordinary app distribution is a corner stone of AppStore. Some countries in Europe after years in court have a green-light on Sideloading apps on iPhone and iPad. How will that actually work — time will show.

But for now allowed public and private distribution methods are what we have to deliver the app to our final users. Documentation eventually getting better and better so at least for now all ways are described or at least mentioned. Good luck!