As we learned in the past few weeks, Apple has the power to prevent large companies like Facebook and Google from distributing their own internal apps. On Jan. 30 Apple revoked Facebook’s enterprise certificate which allows them to distribute internal apps, for not following the correct guidelines. The same thing happened to Google just a day later.
So do you need to start worrying?
Probably not. The good news is there are some simple ways to avoid this issue. As long as you follow these tips when it comes to implementing your own internal app; you most likely will not deal with Apple revoking your enterprise certificate.
1. Follow Apple’s guidelines when publishing your app
Seems pretty straight forward, right? Not exactly. Apple provides extensive guidelines for developers, and sometimes it can get a little tricky to follow. It is not as easy as it sounds because when it comes to publishing an app, there are multiple ways to go about it. When developers can choose from three separate ways to publish, the lines get a little more blurry. It also does not help that employees themselves decide whether your app gets published or not.
So, what are the three ways to publish an app?
Public App Store. This is probably the most common out of all of them, and sometimes the simplest as well since most individuals are used to downloading apps this way.
VPP (Volume Purchase Program). This is a type of private app, can often be used for companies internally. Through this program, apps are still managed through the Apple App Store. This method is used for third party apps a company might purchase for employees or custom apps developed by a vendor for internal use. The VPP is free and only requires a D-U-N-S number. The main benefit of the VPP is it’s purchased in volume, which makes it easier to distribute to employees. Note: companies with global employees must generate redemption codes per region.
iOS Enterprise Program. This is another way to submit an internal app. However, through this program, apps are not managed through the Apple App Store but instead managed by the company. The Enterprise Program is only for apps developed in-house for that company. If the app is provided by an external vendor, then the VPP is a better choice for custom B2B apps. This typically costs a company $300 per year.
2. Make correct decisions when choosing between Apple’s public and private app store.
Now that we know the three ways to publish an app via the Apple App Store, we need to understand the key differences between the public and the private app store.
Public Apps (Public App Store)
- Can be found by searching on phone’s preloaded app store. (Which does mean that anyone can find and download)
- Requires public content for anyone that might download the app
This is typically a great solution for large companies so their entire employee base can easily locate the app without needing a link.
Private Apps (The VPP and the Enterprise Program):
Cannot be found by searching on phone’s app store
Does not require public content for non-logged in users
Does require an alternative method of distribution, like URL a mobile device management (MDM) system or a redemption code
A great option for companies who already have multiple public apps in the app store or requires an extra layer of security.
3. Make sure you have the right content
When it comes to public internal apps, Apple has specific guidelines on what kind of content needs to be available to the general public. Even if your app mainly focuses on providing value to your employees, they still require some beneficial content or features to be open to the public.
Don’t worry - this does not mean you have to release all your internal documents to everyone. However, this does mean your company needs to create a reason for the public to download your company’s app.
Public content can be anything along the lines of job opportunities, a map to current stores, curated social media content, public news and announcements or even coupons and discounts.
4. Better safe than sorry
When submitting an app to Apple, actual humans review it. Which means that it is almost always up to the person reviewing your app whether it gets approved or disapproved. For example, let’s say you submit your app once and it gets approved the first time. The second time you submit it, it may get rejected for a reason that might have already been there the first time. It all depends on the person.
Therefore, it is always better to stay safe and make sure you are following guidelines to a T.
This is particularly where Facebook fell flat. The reason they got their enterprise certificate revoked was because they were distributing their internal apps to non-employees which, as we learned, is not part of the Enterprise Program.
If you need help with your internal company app, feel free to contact us today for a free consultation!