0

I am enrolled in ios developer enterprise program and was wondering how can I password protect my app?

So, my situation was that I wanted any user to enter Username / Password to authenticate first and then be able to download the App.

No UDID restriction or whatsoever.

I read on some SA post that I can do it ios developer enterprise program. But my question is how can I do it? Are there any article or steps mentioned somewhere or may be any blessed soul could mention it here please?

Thanks

Steve
  • 2,546
  • 8
  • 49
  • 94
  • 1
    You can simply put it on a server that requires you to put in a password to access the IPA link to start the download. – LyricalPanda Aug 19 '14 at 15:42
  • But wouldn't that require me to have AdHoc Distribution and have the UDID of the downloaders beforehand? – Steve Aug 19 '14 at 16:12
  • 1
    You don't need the UDID of the downloads beforehand. You said you have the iOS enterprise program, which is designed for large companies to deliver internal apps to their users (there is no device limit in case the company had > 100 people) without using the AppStore. It allows you to use a server to distribute the app to whoever. The caveat is if you are found distributing it to non-company employees Apple has the right to revoke your enterprise program. I don't remember about the AdHoc distribution, but it's pretty easy to create another profile if you don't have one on your account. – LyricalPanda Aug 19 '14 at 16:19
  • 1
    Sorry, forgot to mention that this should only be done if you are giving it to employees of your company (or a company you are developing on behalf of, if the enterprise program is under their name). If you are doing it for clients, then you can look to see if B2B will meet your needs. If neither of these are the case, then you can push to the app store but force them to have credentials to login/use the app. It really depends on what your target audience is. – LyricalPanda Aug 19 '14 at 16:51
  • First of all, thank you very much for your assistance. Ok, so employees which will be using the app have the enterprise account on their company's name; so that's good. The only problem I have no indication anywhere where I can set the username/pwd. First is server authentication; any idea where I'd set it up? The second thing you mentioned is within the app; does that mean that I'll implement username/pwd in the app and it will only take me forward when username/pwd authenticates? – Steve Aug 19 '14 at 17:05
  • Yep, I've worked on one enterprise level app that required people to have an enterprise account, even though it was free on the app store. People could download the app but w/o credentials they couldn't get into it. – LyricalPanda Aug 19 '14 at 17:45
  • Oh, so they had an enterprise account but still you implemented the credentials into the app, that they could download the app but had to authenticate themselves before going in, right? – Steve Aug 19 '14 at 18:00

1 Answers1

2

After confirming you have an enterprise developer account and the account is actually under the company, I'm assuming this app is solely an internal-app for the company the developer account is under. This means you can leverage OTA or Over-The-Air transmission. The first thing you'll need to do is archive the app. In one of the last steps instead of the submission to apple store option, you can select to deliver wirelessly. This will create a plist and an ipa. Note that you need to get all the URLS correct in the plist, including the icon URLs otherwise OTA installation can fail.

So you now have your plist and an ipa. What you need to do is get access to their server. They probably have some server guys already, so all you need to do is hand them a file, or ask for FTP permissions. Now you have two options:

1) Recommend that this app is only on an internal server available only on the company wi-fi. This will make it much more secure so that people don't have access to the app by stumbling across it on the web.

2) Put it on the web behind some authentication and hope the server isn't found/hacked.

Once this has been settled, you now need to point to the plist. What happens is your phone will mimic the iTunes store installation with your plist. You need to point to it via something like:

<a href="itms-services://?action=download-manifest&url=localFilePath/APP.plist">App Link </a>

Note that the href has a special link and keyword. This will tell the iphone that there is an App it should install, using the provided plist URL. The phone will go out and download the pList, which will have the URL for your ipa. The phone will then go out to grab the IPA and start installing.

LyricalPanda
  • 1,424
  • 14
  • 25
  • Thank you very much Lyrical. I appreciate this. This is very clear and concise to follow. The only small gripe here is that I can't see the option of "Deliver Wirelessly" in the last steps instead of the submission to apple store option. Any idea why this is happening? – Steve Aug 19 '14 at 17:44
  • Looks like my memory is going bad already - Check out these two links that show different ways to do it depending on your xCode version. Looks like I was wrong on how to create the OTA build. http://shinydevelopment.com/blog/over-the-air-ios-provisioning-and-distribution/ http://iosdevelopertips.com/xcode/distribute-ad-hoc-applications-over-the-air-ota.html – LyricalPanda Aug 19 '14 at 17:54
  • Yup Lyrical, as mentioned in these links too, the OTA is out of question. It needs us to have UDIDs of the people first and then we can send them the link like App Link . So I guess OTA is out of question. – Steve Aug 19 '14 at 18:02
  • The part about needing UDIDs is incorrect. I've set up OTA for two different Apps under two different enterprise accounts before that was delivered to more than 100 devices per account. This SO answer also verifies you can OTA without needing UDIDs: http://stackoverflow.com/questions/8830194/can-i-distribute-my-app-for-any-device-without-udid `"Enterprise developers can't submit to the app store, but they can sign apps for installation onto any device, without knowledge of UDIDs"` – LyricalPanda Aug 19 '14 at 18:06