Over the Air (Ota) iOS IPA File Distribution for Public

Over The Air (OTA) iOS IPA File Distribution For Public?

I work in a company that releases on a private store too, and it works in a very similar way. The only difference is, Apple does not check the app and it takes 1 minute to upload it, not 2 weeks.

How it works :

1. Generate the ipa for entreprise distribution (with the correct provisioning profiles)
2. Upload the ipa wherever you want, if you need something beautiful, you could make an app that lists your IPA (your own private store) with information about it, and a link to download it (look below)
3. Upload the .plist file and make it so the url in the url field is the .ipa that you uploaded on step 1.
4. Create a basic HTML page with this line where you want it :

5. Users can now click it and download ;)

   <a href="itms-services://?action=download-manifest&url=YOUR-UPLOADED-PLIST-FILE.plist">Click here ;-)</a>
   

Note that you're not allowed to publish apps publicly like this. This is meant, for example, to distribute apps within your own company. More specifically and as an example, we had 4 apps. The store, a timesheeting app, a contact/adress book, and other specific apps that don't need to be explained. But it would be against the EULA of Apple to share any of those apps (or download links) publicly. Trying to publishing on the Apple app store would also not pass the review.

That being said, this is very practical and useful for many companies in a lot of cases, because you're free to not follow any guideline, and avoid the stressful review.

Any other questions :) ?

iOS Enterprise App distribution OTA

Finally I was able to fix the issue. I see issue was with not having correct signing certificate. For anyone who want to distribute the app in-house without MDM they can follow steps in below blog post.
https://medium.com/apps-studio/distributing-enterprise-ios-app-in-house-without-mdm-3ed015009893

Security of over-the-air distribution of enterprise iPhone apps - OTA iOS

In order to use OTA iPhone app, the person who is attempting to download the app must install the proper certificate.

Enterprise Apps are limited to 1000 OTA installs, which Apple can track on their end.

For non enterprise developer accounts, you have a 100 device limit, which first have to get the device UDID up to the provisioning portal, before they can install the proper certificate to run the app.

So while you can free distribute the ipa (over HTTP or FTP or whatevs) they'll still need the proper valid certificate, and that is controlled.

Of course there are probably ways around this, but in general that's how Apple protects OTA installs.

IOS Enterprise Distribution Through OTA

As of December 2011, these are the steps:

1. Create a provisioning profile in your Apple Enterprise account
2. Set this as the Code Signing Identity under the Build setting of your app.
3. Make sure the Bundle ID matches that of the provisioning profile.
4. Select Product > Archive to build IPA file.
5. Click Share (aka Distribute) button after selecting your Archive.
6. Set Contents radio button to iOS App Store Package (.ipa)
7. Make sure Identity in dropdown is the one used from Enterprise account.
8. Click Next
9. Select the check box "Save for Enterprise Distribution"
10. For Application URL put in the URL that points to where the ipa file will be placed (example: http://oursite.com/myApp.ipa)
11. Click Save. This will save a plist & an ipa file for you.
12. Place these files on your server with a link formated like this:
    
    <a href="itms-services://?action=download-manifest&url=itms-services://?action=download-manifest&url=http:/oursite.com/myApp.plist" id="text">
13. Go to this page from your device and click the link to install the app

OTA ipa distribution using localhost

I finally figured it out..

For those who are interested in the solution, here are the steps for making OTA work on your local machine with localhost.

• Setup a webserver on your local machine (macOS has a built-in one)
• Install minica using homebrew (for generating SSL certificates)
• Make the website accessible through https://localhost (or https://{hostname}) (here is a nice article on how to do that)
• Use minica to generate the certificates instead of making them on your own (simply skip the Generate a private key and certificate for your site step mentioned in the article, and use minica --domains {hostname} command which will generate the necessary certificates for you instantly. You can find the generated Root CA certificate with the key at ~/minica.pem and ~/minica-key.pem,
  and your domain's certificates at ~/{hostname}/(cert/key).pem,
  where {hostname} is the hostname of your local machine. If you're not sure what is your machine's hostname, just open the terminal and type hostname.
• In the /etc/apache2/extra/httpd-ssl.conf specify SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile paths to /path/to/key.pem,/path/to/cert.pem and /path/to/minica.pem correspondingly.
• Import minica.pem and cert.pem to the keychain and change to "Always trust".
• Restart your webserver.
• Send both minica.pem and cert.pem to the iPhone (using AirDrop or whatever), install the profile, and trust them both from the Certificate Trust Settings screen)

That's basically it. Just use https://{hostname} instead of https://localhost everywhere in your HTML code and in manifest.plist file so that you can access the website's content from the mobile device in the same network.

---

Related Topics