3. Apps and Provisioning
One of the iPhone Configuration Utility’s jobs is to help you install and manage applications on iOS devices. We aren’t talking about apps from the App Store, but, rather, in-house applications written for your company that will be used only by company-authorized devices. These are also known as enterprise apps.
Enterprise apps differ from App Store products in a number of ways. First, they aren’t vetted or looked at by Apple. There are no rules as to what an enterprise app can or cannot do. They aren’t distributed via the App Store, either. In this chapter, you’ll see how you can use the iPCU to install enterprise apps on an iOS device. (However, we won’t be looking at how you create an app because that’s beyond the scope of this book.)
Using Provisioning Profiles
A provisioning profile is a binary file used to distribute apps to iOS devices outside of the App Store. It contains certificate, device, and app information required to install an enterprise app on an iOS device.
One important caveat here is that you can’t add random provisioning profiles and apps to the iPCU and install an app on any device you choose. App installation requires more than a little coordination between the app’s developers and users. Each device that will receive the app must be registered in the company’s iOS provisioning portal. Once that is done, a provisioning profile for that device can be generated.
Understanding the Provisioning Portal
It’s important to talk a bit about the provisioning portal because it’s central to distributing apps. Unless you jailbreak your iOS devices (a technique that we are not going to discuss in this book), you need a provisioning profile to install iOS apps that aren’t on the App Store.
The provisioning portal is key to using apps for two primary reasons: One reason is to set up devices so that you can test apps before submitting them to the App Store—but we don’t really care about that for this book. The other reason, which we do care about—is managing provisioning profiles and iOS devices to ensure that you can install your apps on those devices with ease and efficiency.
However, to use the provisioning portal, you must be a registered member of Apple’s iOS Developer Program or iOS Enterprise Developer Program.
When you’re a member, you can log into the iOS Dev Center and use the portal at http://developer.apple.com/ios/manage/overview/index.action. I’m not going to go over the portal in great detail. A lot of it involves things that only developers care about. But because I am going to talk about the provisioning portal throughout this chapter and the rest of the book, I thought it a good idea to spend some time on the portal.
Learning More About Profiles and Devices
While somewhat annoying, using provisioning profiles ensures that you get the application you think you’re getting, and only that app. It would be a bigger annoyance to discover that the app you installed was modified to include root kits and other malware. By requiring the use of digitally signed apps with a device- or company-specific provisioning profile, the potential for this kind of problem is mitigated.
By the same token, this authentication process also ensures that random file sharing sites can’t distribute your company’s work to the entire Internet—an important consideration if the app in question contains proprietary or sensitive data.
Once the provisioning profile is created by the developer, using it is dead simple. Open the iPCU, and in the Library, select Provisioning Profiles (Figure 3.1). Then, you can either drag the profile (a .mobileprovision file) into the top pane of the Provisioning Profile section; or, click the Add button, navigate to the profile, and click Open to add it to the iPCU. After the profile is installed, you can see it in the top pane of the iPCU’s Provisioning Profile section.
Figure 3.1. Provisioning Profiles selected in the iPCU
Performing Larger Scale Distribution
When you have only a few devices to manage, it’s okay to create a unique provisioning profile for each device and manually add it to your company’s iOS portal, but what about when you need to distribute applications to large numbers of devices?
In that case, you need to create a file that can add all your company’s devices to the portal at once. So let’s take a look at doing just that.
Uploading Multiple Devices
First, you’ll need to inform the iPCU about all your devices. That’s pretty simple. Just plug the device into the iPCU long enough for it to show up in the Devices section. Once the device is recognized, you can unplug it and move on to the next. The iPCU will remember each device. Then select the devices you want to add to your company’s provisioning portal, and choose File > Export. Give the file a name, and the iPCU will create a .deviceids file for all those devices.
The .deviceids file is an XML plist-style file that contains one entry per device. Each entry contains the device’s name and identifier, a unique alphanumeric string that identifies the device to the provisioning portal. For example, here are the contents of a .deviceids file with just my iPhone in it (with the device identifiers changed):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Device UDIDs</key>
<array>
<dict>
<key>deviceIdentifier</key>
<string>67d9631117a7a63042100deba49e3990289e6865</string>
<key>deviceName</key>
<string>BynkPhone</string>
</dict>
</array>
</dict>
</plist>
It’s pretty simple to figure out. Every additional device has a new <dict> section that contains its name and identifier. The handy thing about this is that if you already have those two pieces of information somewhere else—like an asset database of some kind—you could use that database to generate this file without using the iPCU. As you’ll see in Chapter 6, you could create a script that would read the data in the iPCU, and then automatically generate the .deviceids file for you.
Or, iPCU could generate a .deviceids file of company devices for use not only with the provisioning portal, but also to create a database of device names and identifiers that you can use in other ways.
Apple is smart enough to use plain text for this file, so your options for using the .deviceids file are rather large.
However you create the file, you then upload it into your company’s provisioning portal. To do that, go to your iOS provisioning portal, and select Devices. In the Manage tab, you’ll see two buttons: Upload Devices and Add Devices. Click Add Devices when you want to add just one device at a time. Click Upload Devices to add multiple devices at once via a .deviceids file.
To add one device, click Upload Devices, and then click Choose File. Navigate to your .deviceids file, and click Choose. Then click the Submit button, and the portal will process your devices.
Now you’re set to create a single enterprise distribution profile that will work for all your devices.
Applying Distribution Profiles
As a warning, this section assumes that you have done all the necessary work to set up your provisioning portal. At that point, creating a distribution profile is pretty simple.
Go to the Distribution section, and in the Prepare App tab, click “Create and Download a Distribution Provisioning Profile for Enterprise In-House Distribution.” You’ll see step-by-step instructions for creating your enterprise distribution profile. Once the profile is created, you can download it by going to the Provisioning section of the provisioning portal, selecting the Distribution tab, and clicking Download.
When the file is downloaded, drag it to the top pane of the Provisioning Profile section in the iPCU (Figure 3.2) and you’re set.
Figure 3.2. Distribution profile added to the iPCU
Really, this looks a lot more complicated in text than it does in real life. If you read the documentation from Apple for the portal and pretty much do as it tells you, you can have an enterprise distribution profile ready to go in a few minutes.
However you choose to proceed, you now have your provisioning profile set up in the iPCU. Now let’s set up your app.
Using Applications
This is actually the easiest part. First, you need the app you’re going to install. Note that you don’t actually need a provisioning profile to set up an app in the iPCU. Of course, you can’t install the application without that profile, so setting up the app without the profile is of little use. But it’s worth noting that the iPCU doesn’t care about the order of setup. Once you have the app file in the iPCU, you can click Applications and drag the app file into the top pane of the Applications section; or you can click Add, navigate to the app file, and click Open. Either way, once you’re done, your app is ready to go. Really, it’s that simple. Get the app and the provisioning profile set up in the iPCU and you’re ready to install the app.
Installing and Uninstalling Apps and Profiles
You have your provisioning profile and your app. Now, it’s time to install. When using the iPCU, installing an app onto a device is not much harder than installing an app to the iPCU as long as you remember the proper order: profile first, then app. Actually, you can’t really get that wrong because the iPCU won’t let you install an app on a device that doesn’t have the correct profile.
First, fire up the iPCU and attach a device to it via USB. Obviously, this should be a device with a profile that you created. The iPCU will sprout a Devices section with the connected device displayed in it. This section is different than the other Devices section that is always there. This Devices section is where you manage a currently-connected device.
When you select the currently-connected device in the iPCU, you’ll see a row of tabs across the top of the pane. The first tab you’re concerned with is Provisioning Profiles. Click it and you’ll see all the profiles that may be installed on the device (Figure 3.3). Each of those profiles has an Install button. Click Install for the desired profile.
Figure 3.3. Profiles ready for installation to a device
Once that’s done (it takes about two seconds for an iPhone 3GS), the button changes to a Remove button. (You can click Remove to manually remove the profile from the device. Amusingly, if you remove the profile, you get a Big Scary Warning that this action cannot be undone. Well, in the Command-Z sense of undo, I suppose that’s true. However, if you click the Install button again, you’ll reinstall the profile and undo the removal.)
The next tab you care about is the Applications tab (Figure 3.4). Again, you’ll find no surprises here. When you click the Applications tab, you’ll see all the enterprise or App Store apps installed on this device.
Figure 3.4. The Applications tab lists all apps installed on the device.
What you’re looking for are apps with an Install button next to them. Assuming you’ve installed the right profile, click Install for the desired app and a few seconds later, it’s installed. No fuss, no muss.
Currently installed apps will have an Uninstall button next to them. If you click Uninstall for an App Store app, you’ll get another Big Scary Warning about not being able to undo your action. This time, however, it’s not kidding. If you want to reinstall an App Store app, it’s back to iTunes you go.
On the other hand, if you want to remove App Store apps that shouldn’t be there, the iPCU is a very fast way to do so. Click Uninstall, click OK to the warning, and in a few seconds the app is gone—no requests for final reviews, no nothing. Bang. Gone. It’s not deleted out of iTunes, but it is definitely off the device.
Wrapping Up
This was a busy chapter, especially in terms of profiles and portals. But, understanding them will be important when you later learn about other ways to distribute apps, including wireless distribution. For now, you should be able to install apps via the iPCU and understand the process behind that installation. The installation mechanics may change in terms of step-by-step activity, but the principles will probably stay constant.