Eugene
Raynor

How to distribute in-house apps via manifest URL?

Eugene Raynor

Jun 25, 2021

11 min read

What are in-house apps?

In-house apps are private apps custom-built for an organization, to be used by employees within the same organization. These applications can be developed in-house, or sourced from third-party developers. In-house apps are not meant to be pushed to public users and cannot be deployed on public app stores. These applications are exclusively used to fulfill specific business needs and help employees to increase their productivity.

What is a manifest URL?

A manifest URL is a link to an XML file that describes the package contents of an application and specifies where the app is located. In addition, this file defines essential information about the app, including its name, version and identifier, along with details on how to find, download and install the app from your secure web server.

How do manifest URLs work?

A manifest URL is essentially a link to your app’s manifest file. The manifest file in turn, provides instructions on how to install your in-house app on the end user’s device. By uploading this manifest file to a secure web server (preferably one that’s only accessible to your authorized end-users), and providing the fully qualified https link to the manifest file, IT can seamlessly distribute apps via manifest URL to all their end-users.

Currently, there exist two ways to push your in-house apps to the authorized end-users:

  • By authorizing end-users to access the secure website where your in-house app is located, and download it
  • By using a UEM solution


Utilizing a UEM solution enables IT to easily distribute apps via manifest URL to the end-users. All they have to do is provide the download link to their UEM app inventory, and voila! You can now efficiently push your in-house apps with one touch, directly from the UEM portal itself. We’ve set up a detailed guide on how to achieve this down below.

Using Hexnode UEM, IT can distribute apps via manifest URL for iOS, macOS, tvOS, Android and Windows platforms.

Equip your enterprise with Hexnode’s application management capabilities

How to distribute iOS, tvOS, macOS in-house apps via manifest URL

Note:

To distribute private in-house apps to your end-users, your organization must have an Apple Enterprise Developer license (which costs 299$ per year). Distribution through this method does not require your applications to be reviewed by Apple. However, neither can you test Beta versions of the app through TestFlight.

To push in-house apps privately to your iOS, tvOS, macOS endpoints, you will first need to generate a developer certificate, a unique app ID, and a provisioning profile for your application. All of these can be obtained from the Apple Enterprise Developer portal.

If in case your in-house app is already ready for distribution and all you require is to edit your manifest file and deploy it, skip to the next section.

How to generate Apple Developer’s certificate
  • Login to your Apple Enterprise Developer account
  • Click on the option ‘Certificates, Identifiers and Profiles’
  • Select the option to add a new certificate
  • Follow the given instructions to create a certificate


How to create a unique App ID
  • Navigate to ‘Identifiers’ and click on the option to generate a new identifier
  • Select the ‘App ID option’.
  • Create a Bundle ID and provide a description for your App ID.
  • Preferable Bundle ID format: com.yourcompanyname.yourappname – eg: com.hexnode.hexnodemdm
  • Follow the given instructions to generate an App ID

How to create a provisioning profile
  • Navigate to ‘Profiles’ and click on the option to generate a new profile.
  • Depending on your requirements, fill out the given instructions and choose the App ID that was created earlier.
  • After following the required steps, go ahead and download the provisioning profile.

Once you’ve obtained the provisioning profile, open Xcode and select your created provisioning profile from, App Target > Build Setting > Signing > Provisioning Profile. Set the build destination, depending on your end-users’ device platforms. Then, validate your app by navigating to Product Menu > Archive > Validate. On successful validation, push the app by selecting Distribute > Save for Enterprise Deployment.

You must check the ‘Include manifest for over-the-air installation’ checkbox.

Once you save the app package, Xcode will generate a manifest (.plist) file for your application.

How to edit iOS/tvOS manifest file

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
 <dict>
  <key>items</key>
  <array>
   <dict>
    <key>assets</key>
    <array>
     <dict>
      <key>kind</key>
      <string>software-package</string>
      <key>url</key> <string>[HTTPS LINK TO THE .IPA FILE]</string>
     </dict>
    </array>
    <key>metadata</key>
    <dict>
     <key>bundle-identifier</key>
     <string>[BUNDLE IDENTIFIER]</string>
     <key>bundle-version</key>
     <string>[APP VERSION]</string>
     <key>kind</key>
     <string>software</string>
     <key>title</key>
     <string>[APP NAME]</string>
    </dict>
   </dict>
  </array>
 </dict>
</plist>

Your IT must edit this file by replacing the following contents of the file.

  • [https link to the IPA file]: Replace with the website URL where your (.ipa) is uploaded. (You will have to complete the next step before filling this field.) (eg: https:// downloads/hexnode.com/manifest.plist)
  • [Bundle ID]: Replace with the unique App ID you created from the Apple Enterprise Developer portal. (eg: com.hexnode.hexnodemdm)
  • [App name]: Replace with the name of your application. (eg: Hexnode MDM)
  • [App version]: Set your app version as 1. With new updates, increment this value by one numerical.

How to edit macOS manifest file

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN""http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
 <dict>
  <key>items</key>
  <array>
   <dict>
    <key>assets</key>
    <array>
     <dict>
      <key>kind</key>
      <string>[KIND]</string>
      <key>[MD5 / SHA256]</key>
      <integer>[MD5 / SHA256 size]</integer>
      <key>md5s</key>
       <array>
        <string>41fa64bb7a7cae5a46bfb45821ac8b99</string>
        <string>51fa64bb7a7cae5a46bfb45821ac8b98</string>
        <string>61fa64bb7a7cae5a46bfb45821ac8b97</string>
       </array>
      <key>url</key>
      <string>[HTTPS LINK TO THE APP PACKAGE]</string>
     </dict>
    </array>
   </dict>
  </array>
 </dict>
</plist>

Your IT must edit this file by replacing the following contents of the file.

Compulsory:

  • [https link to the app package]: The fully qualified https URL of the app package (eg: https:// downloads/hexnode.com/manifest.plist)
  • [kind]: Must be set to ‘software-package’

Optional (for chunking):

  • [md5 / sha256-size]: The size of each chunk. (default: 10485760)
  • [md5s / sha256]: The md5/sha256 hashes for each chunk (default: md5-size)

Once you’ve created your in-house app and generated a manifest file, you must upload the app package and the (.plist) manifest file to a secure (https) server. However, in the case of Apple in-house apps, a few additional requirements must be met to upload and push your application successfully.

Additional requirements

  • Your manifest file and app package must be put in the same folder. Preferably, the folder name must be same as your application name.
  • Your in-house app must be signed by a certificate that’s trusted on the end-users’ device.
  • Your in-house app must allow the end-users’ device to communicate to an Apple server.
  • The website that hosts your in-house app must be signed by a certificate that’s trusted on the end-users’ device

Configuring manifest file on a Mac
Configuring manifest file on a Mac
 

Now, when generating a link to download your application, do not provide the URL link to the app package location. Instead, provide the URL link to the location of the manifest (.plist) file.

The sample XML code for creating a download button will be of the format: https://downloads/hexnode.com/HexnodeMDM.ipa


Once the end-user clicks on this link, the manifest file is downloaded, which in turn triggers the download of your in-house app.

Here’s how the sample link for the manifest (.plist) will look like: https://example.com/manifest.plist

Now, after the end-user installs the application and launches it for the first time, a pop-up will appear, which will prevent the app launch until they confirm the developer’s trust on their device. This must be done by navigating to Settings > General > Profiles and Device Management, and enabling the option to trust the developer.

You can avoid this step if you’re using a UEM solution. (Apple does not review applications that are installed from a UEM solution)

If you’re using a UEM solution to push your in-house app, all you have to do is enter the URL of the .plist file in the UEM portal. The UEM portal will add your in-house app to the app inventory, following which IT can easily deploy the application to the end-users’ devices.

How to distribute Android in-house apps

Unlike Apple, Android in-house apps do not require a separate manifest URL when distributing these applications outside the app store. Instead, the manifest file is bundled with the Android .apk itself. Once it is ready for deployment, all that your IT requires to push these apps, is the URL link to the .apk file.

Before providing the URL link to your app, make sure that it is uploaded on a secure (https) server. Now, when generating the link to download your application, provide the full URL link to the location of the .apk file.

Sample URL link: https://downloads/hexnode.com/HexnodeMDM.apk

Once an end-user clicks on this link, the download of your in-house app is initiated.

If you’re uploading your in-house app to your UEM app inventory, provide the app URL, along with its bundle identifier, version name and version code.

This is an example!

  • Bundle identifier: com.hexnode.hexnodemdm
  • Version code: 1
  • Version name: 1.01


The version code represents the nth version of your app. In case of app updates, the version code will be incremented in single-digit numericals. However, the version name is incremented entirely based on developer preference.

App distribution on Android
App distribution on Android
 

How to distribute Windows in-house apps

Similar to Android apps, Windows in-house apps do not require a separate manifest URL when distributing them outside the app store. Instead, the manifest file is bundled with the .msi itself. Once the application is ready for deployment, IT just needs the URL link to this .msi file to begin distribution.

Here too, you must make sure that the application is uploaded on a secure server, before providing the URL link to the location of the .msi file.

Once an end-user clicks on this link, the download of your in-house app is initiated. Even when uploading your in-house app to your UEM app inventory, you can use this same URL link to initiate the download.

Sample URL link: https://downloads/hexnode.com/HexnodeMDM.msi


  
                 
 
                
Share
  •  
  •  
  •  
  •  
  •  
Eugene Raynor

Seeking what's there lurking over the horizon.

Share your thoughts