Deploying internal apps on an iPhone

Scott Lowe walks through the steps that you need to take when deploying internal apps for iPhone users.

Along with the rise of the app store come new challenges for IT departments, particularly those that develop standalone applications intended for internal consumption. When combined with burgeoning BYOD initiatives, IT developers now have a number of new target platforms to consider in their efforts. Not only is there an additional development burden, but there's also the challenge of distribution once applications are ready for prime time.

Unfortunately, the app stores that we always hear about -- Android's Google Play, the Apple App Store, and the Microsoft application store -- don't always publicly lend themselves to this activity. Especially early on, it was a chore for organizations to develop their own apps and even more difficult to distribute their apps in a controlled manner. Sure, it's always been possible to add applications to the various app stores, but the apps are then available for public consumption, which is not always desirable.

In this post, I'll cover the process you need to go through to deploy custom apps in a way that doesn't require you to make the app available to the public. I'll focus here on iOS-based apps and will cover other platforms in a future article.

Further, I'm focusing here on the deployment aspect of application development. This assumes that you've already got an app that you wish to deploy.

Device choices

Apple provides you with three primary choices when it comes to devices to which applications can be deployed:

  • iPod Touch
  • iPhone
  • iPad

As you know, these are common devices, and a whole lot of your employees probably already have one or more in their possession. All are appropriate devices if your application requires only occasional access and can operate over an existing Wi-Fi network. If your application requires constant connectivity, you'll need a 3G-capable iPad or an iPhone. Because they're more common, we'll be focusing on iPhones here.

Deployment process

Once it's time to deploy your new app to a broad internal audience, there are a number of steps that you need to take.

Obtain a distribution certificate

In order to develop for the iOS platform, you need to be signed up for Apple's enterprise developer program. You can get an enterprise distribution certificate from Apple's iOS provisioning portal. Once you log in to the provisioning portal, you're walked through the certificate acquisition process.

Get a distribution provisioning profile

A provisioning profile is used to link a device with a certificate in order to allow an app to work on a device. There are two kinds of provisioning profiles:

  • Ad hoc. An ad hoc provisioning profile uses specific devices IDs that are uploaded to the developer portal. An ad hoc provisioning profile is generally used during development or limited deployment, since it supports only up to 100 devices.
  • Enterprise. Enterprise provisioning profiles are coupled with online distribution certificates and scale beyond ad hoc methods.

A provisioning profile is necessary on each device to which you intend to deploy your internally created app. The distribution provisioning profile matches up to the certificate you obtained in the previous step. You're able to create a profile for a specific app or for multiple apps. With this profile, coupled with the distribution certificate, an app can be authorized on a user's device. If a user manages to get an app but doesn't have the provisioning profile, the app won't work  Both components are necessary.

You can use the iPhone Configuration Utility to install distribution provisioning profiles on target devices. Here's how:

  1. From the utility, go to File | Add to Library
  2. Select the desired distribution provisioning profile
  3. Go to the Connected Devices list
  4. Select a connected device
  5. Go to the Provisioning Profiles tab
  6. Select the provisioning profile
  7. Click the Install button

Xcode signing

Now, back to your Xcode development platform. Sign your code using the certificate that you obtained. From there, export your app from Xcode. Remember, the certificate/provisioning profile combination determines the devices to which the app can be deployed.


With the underpinnings now in place for your app to be distributed to your waiting users, you need to figure out how to get the app into the hands (or devices) of your users. There are multiple ways that you can distribute your new app:

  • Via a web server. This is the easiest method from a scale perspective and requires only that you place your app on a web server. From there, use your normal communications channels to notify users that the app is available. The notification includes the full URL to the app. Users simply open the link on their provisioned device and the app is installed. For complete instructions, including how to structure the XML file that's necessary to deploy using this method, refer to Apple's resource page. The administrator doesn't have to do anything else except make sure that the web location remains accessible.
  • Through the iPhone Configuration Utility. This is a tool that allows the creation of profiles for mobile devices and lets administrators install apps for users.

    1. In the utility, go to File | Add to Library
    2. Select the app that you want to install
    3. Go to the Connected Devices list
    4. Select a connected device
    5. Go to the Applications tab
    6. Select the app
    7. Click the Install button
  • Via iTunes. You can also have your users visit iTunes to install the new app:

    1. In iTunes, go to File | Add to Library
    2. Select the app file (.app, .ipa, or .mobileprovision)
    3. Have the user connect the device to the computer
    4. From the device's Apps tab, select the app
    5. Click Apply
  • Using a third-party mobile device management (MDM) tool. If your organization makes use of a third-party MDM tool, determine whether or not that tool is capable of deploying the app to the desired devices.


This is a high level look at the process that's necessary to deploy apps that are built in-house. For iOS devices, there's no getting around the fact that you need an Apple Developer Program subscription to get started -- so start there, and move on.

Has your organization deployed internal apps for mobile devices? Share your experience in the discussion thread below.