Apple's App Store now allows unlisted apps
Businesses are invited to make their limited-audience apps available only through a direct link
Apple has launched a feature for developers that facilitates the publication of apps for "limited audiences" to its App Store on an unlisted basis.
The new app distribution service is targeting the business and education sectors specifically, and unlisted apps will not appear in the App Store under any categories, recommendations, charts, search results, or other listings.
Possible use cases Apple suggested were apps built specifically for organisations, special events such as a corporate party or conference, research studies, or other employee resources. Feasibly, the feature would also be useful for businesses running remote workforces, but require business or sector-specific software on their staff's personal devices.
In addition to direct links, apps can also be accessed and distributed via Apple Business Manager - Apple's proprietary mobile device management (MDM) solution for businesses running Apple products, or Apple School Manager - its equivalent for the education sector.
Developers who have apps already approved and listed for public download on the App Store, and those whose apps have not previously been approved, can simply submit a request form to Apple which will then send them a link to their unlisted app.
Businesses who already have their app approved for private downloads in Apple Business Manager or Apple School Manager will need to re-submit their binary in a new app record within App Store Connect, and set the distribution method to 'public' before completing the request form. If approved, the app will be visibly shifted to an unlisted app within App Store Connect and developers can continue updating the app according to the normal app release process.
Apps that have previously been made public will keep the same unlisted direct link as they did when they were public but developers also have the option of converting the link via a URL shortener.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Apple recommends "implementing a mechanism within your app to prevent unauthorised use" as although the app won't be publicly searchable, the direct link could still be shared with unwanted audiences.
Apple has had a similar private app distribution policy as part of its Apple Developer Enterprise Programme for a number of years now. Eligibility requirements include: developer houses to have more than 100 employees in the business, have systems in place to ensure only employees can download the app, and be legal operation, among others.
The programme was eventually abused by rogue developers as a way to distribute malicious apps or apps that otherwise violate the App Store policies. Illicit app stores were built to distribute such apps and Facebook was one of the higher-profile abusers of the feature, marketing a data-gathering app masquerading as a VPN in just one small branch of the much wider Cambridge Analytica scandal.
Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.