Automatic OTA updates in an ios app which is locked down with guided access

Question

My client needs to find a way to automatically push app updates to a number of iphone 3gs devices remotely. These devices will be in guided access mode so the users will only be able to access the app in question.

I believe we have two option for distribution:

• B2B custom app via the Volume Purchase Program
• In-house app released with the Apple Enterprise Program

Having researched our options I can see that over the air app updates can be achieved by either:

• Building an in-app update functionality to check for new updates (Enterprise only I am guessing?) and automatically update and restart the app
• Using an MDM such as http://www.air-watch.com/ (as I understand Apple Configurator must have devices plugged in via USB to work?)

I am wondering if anyone can tell me whether either of those options are possible with the devices being in guided access mode? Or are there any other solutions, which I have missed, that can automatically manage the app remotely while the device is in guided access mode?

Answer 1

You can solve this with an Enterprise distributed app.

• App only. Update check for an OTA-Update from your app when the app is coming to the foreground (or some other metric at your clients leisure, like added time delay, etc). Basically self explanatory; you implement a call to your clients/your API to check the version and inform the user of a new one. The update can either be optional or mandatory (preferably announced by the API and changed when needed); present the user with an alert about it. The user acts upon it and you OTA install via an ITMS link provided by your API call. And that's it.
• MDM. Tbh, I'm a bit on shaky ground here. Theoretically this is all possible via MDM too, however I am not sure if it is the (varying) MDM solutions or some misconfigurations, but clients usually seem to lose control after some time.
• Both. Yes, you can perfectly well live with both. MDM while everything is fine, and as a backup a well structured App+API mechanism to push the OTA updates out. This is especially useful if you have customers where some departments are under MDM and others are not. So, some may get it via MDM (and if all else fails via the App itself), the rest will get it via the App.

The tradeoffs are a matter of personal preference, if there is a fully working MDM solution in place the update will be pushed out and the user however 'malicious' can do nothing against it. But the same is true for the 'App only' solution, as you have the option to not let him use the app if he does not update (either by not providing a cancel button or, as you are in an enterprise environment and there it is allowed doing an exit(0)).

From experience I prefer any solution that has the 'App only' option as it is the last fallback if anything on client side fails. Whatever may be added on top is just sugar to the cake.

While not strictly relevant, the 'App only' solution always goes well with Push Notifications when an update came out.