DOMAIN:IOS_DEVELOPMENT:DISTRIBUTION¶
OWNER: martijn
ALSO_USED_BY: valentin, leon (release management)
UPDATED: 2026-03-24
SOURCE: Apple Developer Documentation, App Store Connect Help (2025-2026)
DISTRIBUTION:ROUTES_OVERVIEW¶
| Route | Account Type | Annual Fee | Audience | Review Required | MDM Required |
|---|---|---|---|---|---|
| App Store (public) | Individual or Organization | $99 | Anyone | Yes | No |
| App Store (unlisted) | Organization | $99 | Link-only | Yes | No |
| TestFlight (internal) | Any Developer | $99 | Up to 100 team members | No | No |
| TestFlight (external) | Any Developer | $99 | Up to 10,000 testers | Yes (first build + significant changes) | No |
| Ad Hoc | Any Developer | $99 | Up to 100 registered devices | No | No |
| Custom Apps (ABM/ASM) | Organization | $99 | Specific organizations | Yes | Recommended |
| Enterprise (In-House) | Enterprise | $299 | Organization employees only | No | Recommended |
| Web Distribution (EU) | Organization (EU) | $99 + CTF | EU users only | Notarization | No |
| Xcode direct install | Any Developer | $99 | Development devices | No | No |
DISTRIBUTION:APP_STORE_PUBLIC¶
STANDARD: App Store Review Guidelines §1-5
PREREQUISITES:
- Apple Developer Program membership ($99/yr)
- App Store Connect account configured
- App ID registered in Apple Developer portal
- Distribution certificate (Apple Distribution)
- App Store provisioning profile
- App icon: 1024x1024 PNG (no alpha, no rounded corners — Apple applies mask)
- Screenshots: required for each supported device family
- Privacy policy URL (mandatory for ALL apps)
- App description, keywords, categories
- Age rating questionnaire completed
- Export compliance information
- IF app uses encryption THEN file encryption registration or claim exemption
PROCESS:
1. Archive build in Xcode (Product → Archive)
2. Upload to App Store Connect (Xcode Organizer or xcrun altool or Transporter)
3. Wait for processing (~5-30 min)
4. Configure app metadata in App Store Connect
5. Submit for review
6. Review takes 24-48 hours (median), can take up to 7 days
7. IF approved THEN set release date (immediate, manual, scheduled)
8. IF rejected THEN read Resolution Center, fix, resubmit
TOOL: xcodebuild archive -scheme MyApp -configuration Release -archivePath build/MyApp.xcarchive
TOOL: xcodebuild -exportArchive -archivePath build/MyApp.xcarchive -exportPath build/export -exportOptionsPlist ExportOptions.plist
TOOL: xcrun altool --upload-app -f build/export/MyApp.ipa -t ios -u "$APPLE_ID" -p "$APP_SPECIFIC_PASSWORD"
ANTI_PATTERN: uploading without incrementing build number
FIX: build number must be unique per upload — use agvtool next-version -all or CI build counter
ANTI_PATTERN: submitting with placeholder content (lorem ipsum, TODO screenshots)
FIX: Apple rejects placeholder content — §2.3.1. All metadata must be final.
DISTRIBUTION:APP_STORE_UNLISTED¶
STANDARD: App Store Connect Help — Unlisted App Distribution
PREREQUISITES: same as public App Store + Organization account (not Individual)
USE_CASE: app accessible only via direct link, not searchable in App Store
NOTE: still goes through full App Store Review
NOTE: anyone with the link can download — not truly private
IF: client wants discoverable app for general public
THEN: use public listing
ELSE IF: client wants app for specific group but no MDM infrastructure
THEN: unlisted is appropriate
ELSE IF: client needs strict access control
THEN: Custom Apps via Apple Business Manager
DISTRIBUTION:TESTFLIGHT¶
STANDARD: TestFlight documentation, App Store Connect Help
PREREQUISITES:
- Apple Developer Program membership
- Build uploaded to App Store Connect
- Build processed successfully
Internal Testing¶
- Up to 100 testers (must be App Store Connect users with role)
- No review required
- Available immediately after processing
- Tester roles: Admin, App Manager, Developer, Marketing
External Testing¶
- Up to 10,000 testers (email invite or public link)
- First build requires Beta App Review (~24 hours)
- Significant changes trigger re-review
- Builds expire after 90 days
- Public link: generates shareable URL, can set tester limit
RULE: ALL GE client apps use TestFlight for beta testing
RULE: internal testing for dev team, external testing for client stakeholders
RULE: public TestFlight link only with client approval
TOOL: fastlane pilot upload --ipa build/MyApp.ipa
TOOL: fastlane pilot distribute --groups "Client Stakeholders"
ANTI_PATTERN: using Ad Hoc distribution for beta testing
FIX: TestFlight is superior — OTA install, crash reports, feedback, no device registration needed
DISTRIBUTION:AD_HOC¶
STANDARD: Apple Developer Documentation — Ad Hoc Distribution
PREREQUISITES:
- Apple Developer Program membership
- Ad Hoc provisioning profile
- Target device UDIDs registered (max 100 per device type per year)
- Distribution certificate
RULE: 100-device limit is per membership year, per device type (100 iPhone + 100 iPad + 100 Apple Watch etc.)
RULE: device slots do NOT reset mid-year — removing a device does not free the slot until renewal
NOTE: device registration resets at membership renewal
USE_CASE: quick testing on specific devices without TestFlight
USE_CASE: demo builds for trade shows
ANTI_PATTERN: using Ad Hoc for ongoing beta testing
FIX: use TestFlight — no device limit, OTA updates, crash reporting
ANTI_PATTERN: forgetting to collect UDIDs before creating profile
FIX: use Apple Configurator or instruments -s devices to get UDID, then add to portal BEFORE creating profile
DISTRIBUTION:ENTERPRISE_IN_HOUSE¶
STANDARD: Apple Developer Enterprise Program License Agreement
PREREQUISITES:
- Apple Developer Enterprise Program ($299/yr)
- Organization must have DUNS number
- Organization must have 100+ employees (Apple's stated threshold)
- Apple approval (manual review of application)
- In-House distribution provisioning profile
- Enterprise distribution certificate
RULE: ONLY for apps distributed to the organization's OWN employees
RULE: NEVER distribute enterprise-signed apps to customers, partners, or the public
RULE: violation = immediate certificate revocation (kills ALL enterprise apps instantly)
RULE: Apple actively polices misuse — automated detection + manual audits
CHECK: does the app serve only the organization's employees?
IF: yes AND organization has 100+ employees AND has DUNS
THEN: Enterprise Distribution is appropriate
ELSE: use App Store, Custom Apps, or unlisted distribution
ANTI_PATTERN: using Enterprise certificates to bypass App Store review
FIX: Apple has revoked major enterprise certificates (Facebook, Google in 2019). Zero tolerance.
ANTI_PATTERN: third-party app distribution services using enterprise certs
FIX: this is TOS violation. Apple monitors and revokes.
NOTE: enterprise certificates expire every 3 years — provisioning profiles expire annually
NOTE: IF certificate revoked THEN every app signed with it stops working immediately, no grace period
DISTRIBUTION:CUSTOM_APPS_ABM¶
STANDARD: Apple Business Manager Help, App Store Connect — Custom Apps
PREREQUISITES:
- Organization Apple Developer account ($99/yr)
- Client organization enrolled in Apple Business Manager (ABM) or Apple School Manager (ASM)
- Client's ABM Organization ID (provided by client)
- App passes standard App Store Review
USE_CASE: private apps for specific organizations (not public)
USE_CASE: B2B apps with organization-specific features
USE_CASE: GE client wants app only for their company
PROCESS:
1. Build and upload app to App Store Connect (same as App Store)
2. In App Store Connect → Pricing and Availability → select "Custom Apps"
3. Add client's ABM/ASM Organization ID
4. Submit for review (same review process as App Store)
5. Client's IT admin sees app in ABM → can distribute to managed devices
6. IF client has no MDM THEN users can redeem via direct link from ABM
RULE: preferred route for GE client internal-only apps
RULE: combines App Store review quality with private distribution
RULE: client must have ABM account (free to set up, requires DUNS)
ANTI_PATTERN: building enterprise-signed app when Custom Apps would work
FIX: Custom Apps = less risk, no Enterprise Program needed, App Store review quality
DISTRIBUTION:WEB_DISTRIBUTION_EU_DMA¶
STANDARD: EU Digital Markets Act (DMA), Apple Alternative Distribution documentation (2024+)
PREREQUISITES:
- Organization Apple Developer account in EU
- Accept Alternative Terms addendum in App Store Connect
- Core Technology Fee (CTF): €0.50 per first annual install above 1 million
- App notarized by Apple (automated, not full review)
- Web page with proper install flow (Apple-defined JavaScript API)
- App must declare supported EU countries
RULE: only available to users with devices set to EU member state
RULE: CTF applies even for free apps above 1M threshold
RULE: notarization is lighter than App Store Review but still checks for malware/basic compliance
RULE: no access to App Store discoverability — must drive traffic yourself
IF: GE client targets EU-only audience AND wants to avoid App Store commission
THEN: evaluate web distribution — but warn about: no App Store search, no featured placement, CTF if >1M installs
ELSE: App Store distribution is almost always better for GE's SME clients
NOTE: alternative app marketplaces (Setapp, Epic Games Store) also possible under DMA
NOTE: as of 2025-2026, adoption is very low — most developers stay on App Store
DISTRIBUTION:DECISION_TREE¶
START: Who is the audience?
├── General public / App Store discovery needed?
│ └── YES → App Store (public)
│
├── Specific group, no MDM, link-sharing OK?
│ └── YES → App Store (unlisted)
│
├── Specific organization with ABM/ASM?
│ └── YES → Custom Apps (ABM)
│
├── Organization's own employees, 100+ staff, has DUNS?
│ └── YES → Enterprise Distribution (In-House)
│ └── NO → Custom Apps (ABM) instead
│
├── Beta testing?
│ └── YES → TestFlight (external for client, internal for dev team)
│
├── Quick dev testing, <100 devices?
│ └── YES → Ad Hoc
│
├── EU-only, avoid Apple commission?
│ └── YES → Web Distribution (DMA) — but warn about tradeoffs
│
└── DEFAULT → App Store (public)
DISTRIBUTION:APPLE_DEVELOPER_ACCOUNT_SETUP¶
For GE Clients¶
RULE: each client needs their OWN Apple Developer account
RULE: GE does NOT publish client apps under a GE umbrella account
RULE: the client owns their app, certificate, and App Store listing
PREREQUISITES for Organization account:
- DUNS number (free from Dun & Bradstreet, takes 1-14 business days)
- Legal entity name matching DUNS
- Website domain with verifiable ownership
- Organization email (not gmail/hotmail)
- $99/yr fee
- Apple review of enrollment (2-7 business days)
PREREQUISITES for Individual account:
- Apple ID
- $99/yr fee
- Almost instant approval
- NOTE: apps listed under individual name, not company name
IF: client is a registered business (BV, GmbH, Ltd, etc.)
THEN: Organization account — apps show company name
ELSE IF: freelancer / sole proprietor with no DUNS
THEN: Individual account — but warn: cannot use unlisted or Custom Apps
ANTI_PATTERN: using GE's developer account for client apps
FIX: creates ownership/liability issues. Client must own their account.
ANTI_PATTERN: starting development before account is approved
FIX: account enrollment can take 1-2 weeks. Start process IMMEDIATELY when project begins.