Intro to content distribution for Apple devices
The most scalable way to distribute apps and books is to purchase them in volume through the Apps and Books section of Apple School Manager or Apple Business Manager. Apple School Manager or Apple Business Manager, and your mobile device management (MDM) solution, then work together so you can assign apps to your devices or users wirelessly, even if the App Store is disabled. All paid and free apps, and most books on the App Store and Apple Books, are eligible for purchase or download. Your organization then owns these apps. Distributed books are owned by the user.
Apps purchased in volume can also be assigned, revoked, and reassigned to devices or users in any country or region where the app is made available by the developer, enabling multinational distribution for your organization. Developers can make their apps available in multiple countries through the standard App Store publishing process in App Store Connect. For this reason, purchases must be made in a country where volume purchasing is available in Apple School Manager or Apple Business Manager. For more information, see the Apple Support article Availability of Apple programs and payment methods for education and business.
Note: In-app purchases and subscriptions aren’t compatible with volume purchasing, Managed Apps, or Managed Apple Accounts. Developers may offer a separate full-featured version of their apps (sometimes as a Custom App) for education or enterprise customers that need to deploy apps at scale.
App sandboxing in iOS, iPadOS, and visionOS
All third-party apps are “sandboxed,” to restrict them from accessing files stored by other apps or from making changes to the device. Sandboxing is designed to prevent apps from gathering or modifying information stored by other apps. Each app has a unique home directory for its files, and that directory is randomly assigned when the app is installed. If a third-party app needs to access information other than its own, it does so only by using services explicitly provided by iOS, iPadOS, and visionOS.
System files and resources are also shielded from the users’ apps. Most iOS, iPadOS, and visionOS system files and resources run as the nonprivileged user “mobile,” as do all third-party apps. The entire operating system partition is mounted as read only. Unnecessary tools, such as remote login services, aren’t included in the system software, and APIs don’t allow apps to escalate their own privileges to modify other apps or iOS and iPadOS.
For more information, see Security of runtime process in iOS and iPadOS in Apple Platform Security.
App thinning
Managed Apps from the App Store, Custom Apps, and Unlisted Apps for iPhone, iPad, Apple TV, and Apple Vision Pro support app thinning, which downloads and installs only the specific version for the associated operating system, allowing faster downloads and reduced download volume.
Decide which app types you want to distribute
Before you distribute apps, decide which types of apps you want to distribute in your organization. You can install more than one app type.
App Store apps: Apps installed from the App Store using Apple School Manager, Apple Business Manager, Apple Business Essentials, or MDM are called Managed Apps. They often contain sensitive information, and you have more control over them than you have with apps downloaded by the user. For more information, see Distribute Managed Apps.
Custom Apps: With Apple School Manager, Apple Business Manager, or Apple Business Essentials, you can buy Custom Apps tailored for the needs of your organization. These apps, built by yourself or third‑party developers, are distributed to you privately. You can view them by turning on Custom Apps in Apple School Manager, Apple Business Manager, or Apple Business Essentials. For more information, see Distribute Custom Apps.
Unlisted Apps: You can leverage Unlisted Apps to distribute organization-specific apps. For example, if your organization has an app they’ve created for staff, teachers, employees, or contractors, you can publish it to the App Store and use a direct URL to download the app. These apps don’t appear in any App Store categories, charts, search results, or other app-related listings. Unlisted Apps are considered hidden but not private, and are accessible only with the direct link. For more information, see Distribute Unlisted Apps.
Proprietary in-house apps: Proprietary in-house apps are distributed to devices, not users. They require self-hosting and management of provisioning profiles and distribution certificates. For more information, see Distribute proprietary in-house apps.
Managed App types, how they’re purchased, and more are listed below.
App types | Purchaser | Audience | Customization | App Store distribution | App review |
|---|---|---|---|---|---|
App Store apps | End user or organization | General public | Everyone gets the same app. |
|
|
Custom Apps | Organization | Business, education, or internal |
|
|
|
Unlisted Apps | End user or organization | Limited internal or external audience | Everyone gets the same app. |
|
|
Proprietary in-house apps | Own organization | Own organization |
|
|
|
Note: You can also install apps on iPhone and iPad connected to a Mac through USB (or Apple TV devices paired through Bonjour) with Apple Configurator. For more information, see Configure devices with Apple Configurator for Mac.
Assigning apps and books
Specific apps can be assigned to devices or users. Books can be assigned only to users.
Type of app or book | Can be assigned to iPhone, iPad, Mac, and Apple Vision Pro | Can be assigned to users with a Managed Apple Account or personal Apple Account | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Free or paid App Store apps purchased through Apple School Manager, Apple Business Manager, or Apple Business Essentials |
|
| |||||||||
Free or paid Books Store books purchased through Apple School Manager, Apple Business Manager, or Apple Business Essentials |
|
| |||||||||
Custom Apps |
|
| |||||||||
Unlisted Apps |
|
| |||||||||
Apps and books for organizations API
MDM developers can use their developer account to configure Services IDs and authorization keys for the Apps and Books for Organizations API to retrieve information about apps and books they manage. Other changes include:
New fields that indicate whether an app is compatible with visionOS
A new endpoint for searching the App Store
For more information, see Configure the Apps and Books for Organizations API on the Apple developer website.