[Blog Post] Enterprise mobile app store for effective mobile app management

  • By Dulitha Wijewantha
  • 11 Oct, 2013

Introduction to app management

Mobile apps are an important element of mobility. From the early evolution of mobility, apps determined the most favored operative system. Two key app stores emerged:

  • Apple App Store
  • Google Play

These app stores enables the discovery of mobile apps to users easily and provisioned apps over the air to millions of users. Furthermore, in the Apple App Store, app management includes an approval process where Apple approves the apps before publishing them in the store.

What corporates did earlier was publish their internal applications developed by them to public stores (Apple App Store, Google Play). The public also has access to these apps and some of the apps are not approved by Apple.

The WSO2 EMM platform provides a complete mobile app management solution for enterprises to solve the mobile app management challenges explained earlier.

The diagram above illustrates the mobile app management solution. The following section will explain how each piece will work.

Scenario A

A developer has built a mobile app and he wishes to publish it in the Store Front. He submits the app using the App Publisher.

Scenario B

An approver or manager of the corporate will review the submitted application. Based on his review, he rejects the app or approves it to the store.

Scenario C

Once the app is approved, the App Management console will allow system administrators to govern them.

Scenario D

The approved apps will be published in the Store Front.

Scenario E

Users will discover the interested mobile apps and self provision it to their devices (BYOD or COPE).

Scenario F

System administrators will also provision applications to users over the air. They will include certain apps in a policy and provision those applications to the device upon enrollment.

The following sections will focus on these scenarios and explain in detail how the WSO2 EMM platform solves mobility challenges.

App governance and publishing

This section covers the scenarios A, B, C and D.

Applications that are submitted to the App Publisher goes through a life cycle process before being published on the store. The App Publisher provides facilities to submit, review, approve, and publish apps to the Store Front.

App Publisher supports the publishing of the following applications:

Enterprise iOS and Android apps

Apps that have been developed by a developer. Most likely these apps are developed by the enterprise or by third-party contractors. The developed executable for iOS is a .ipa file and for Android it’s .apk file.

Public iOS and Android apps

Apps that are available in public app stores (Apple App store or Google Play). Mostly why public apps are included in the Enterprise Store are to allow list and promote apps and manage provisioning of public apps (this will be explained in detail in the sections below). Corporate users find it easy to discover apps when published on their Enterprise Store.

Mobile Web apps

Mobile Web apps are bookmarks to sites that are useful. These web apps can be provisioned to devices and the users can easily access web apps as Web Clips that appear in the home screen for iOS and bookmarks that appear in the home screen for Android.

System Admin will first login to the App Management console. He/she creates a developer user and a reviewer use. Permission assignment will happen through the following roles:

  • internal/reviewer - to give approve permissions to users
  • internal/publisher - to give publishing permissions to users

When the user is created from the console, an email will be dispatched to the respective email account with a generated password.

In case enterprise identity services are configured, System Admin will assign the roles: internal/reviewer and internal/publisher to users.

Next the developer will login to the App Publisher. He will see all the apps that he had submitted. He can filter them based on the status of the app.

The developer will click the “New Application” button to add a new app to the App Publisher. He will be asked to choose the app type.

The App Publisher is capable of handling the following types of apps.


The first category in iOS apps are Enterprise apps. The enterprise app is developed by the corporate and has the executable (which is an .ipa) that is signed with an enterprise account.

There are also apps that are available in the iOS App Store that the corporate would like to promote and manage. This type is called market apps. To add a market app, the user needs the app identifier, which can be found from the Apple App Store. iOS also supports the removal of apps that are installed by the corporate when an enterprise wipe is performed on the device.


Enterprise apps in the context of Android mobile operating system is an .apk executable. The executable is exported (or built using build tools). Market apps are apps available in Google Play that enterprises require to manage. To submit an Android market app, the app identifier is needed. The app identifier (package name) can be found at Google Play.

Mobile Webapps

Corporate can place a bookmark of the web app on the mobile device.

Android :- A provisioned web app would appear on the android home screen screen.

iOS :- A provisioned web app would appear as a web clip on the user’s home screen.

After choosing the app type, the developer has to fill the below information

  • Title of the app
  • Description of the app
  • Recent Changes of the app
  • Banner
  • Screenshots
  • Icon

Once the app is submitted the developer will be sent back to his initial screen where he saw the status of the app. It will take a few seconds for the app to be inserted, until the app is added, a notification is displayed on the screen.

Before we go any further, an understanding of the lifecycle of an app is essential. In the App Publisher, each application goes through a lifecycle. This lifecycle includes creation, submission, reviewal, rejection, acceptance, publishing, and retirement.

After the app is submitted, the app goes to the created state. In the created state, the developer can submit for reviewal.

If the developer submits the app for reviewal, he can’t do further changes on the app information. It will be in a locked state - In-Review state.

An approver (or reviewer) is a user who has the internal/reviewer role. He will be capable of seeing the app when he logs into the App Publisher. He can either reject the app or approve it.

If the app is approved, the developer will see the application in the approved state. The developer has the choice of publishing the app or holding it off until required. But he cannot change the app information once it’s approved. When the developer publishes the app, the app will be visible for app discovery from the App store as well as the Mobile App Management console.

The developer can also

  • Unpublish the app used to temporarily remove the app from the store
  • Retire the app

App discovery

This covers scenario F

The Enterprise App Store Front is used for easy discovery of apps for users. The main reason why App stores such as Apple App Store and Google Play became popular was due to ease of app discovery for users. Users can easily browse through the app catalog and provision apps they are interested in.

The Enterprise App Store Front is a multi-platform store. The users can easily browse through apps developed for multiple platforms (Android, iOS, and Mobile web apps). In the app box the user can view the type of the app.

The importance of the App Store is to self-provision applications. Once the user presses install on an app, he is prompted to select which device he wants the app to be installed in. This is useful when the user wants to install an app only to his tablet, but not to his phone.

Once the app is provisioned, WSO2 EMM will push the app over the air to the respective device.

App management

This covers scenario E

App management provides a solution for system administrators to manage mobile apps in the corporate. The perspective of this use case is different when compared with the Store Front. In the Store Front, the user installs a mobile app to his own device (BYOD or COPE). In the case of the Mobile App Management console, the system administrator provisions apps to a set of users or a set of roles.

The system admin will see the apps that are published from the App Publisher in the console. He/she can click on an app and view the users who have installed the app.

He/she can also bulk provision apps to a role by pressing install or bulk uninstall an app from the role by pressing uninstall. Further, he/she can perform installation and uninstallation on user’s devices as well. Apps installed and uninstalled over the air.

System admin can also configure policies for mobile apps. If a policy already exists in the system, admin can configure the following:

  • Deny listed apps
  • This feature is to deny list apps. Currently, this feature is only supported for Android. This policy supports compliance monitoring. Compliance monitoring can be done through viewing the device in the Mobile Device Management console. There is also a report to view compliance monitoring in the App Management console.

  • Install Apps
  • Supports provisioning of apps to a device once it’s enrolled automatically, e.g. admin can associate a sales application to the sales role. Once a user with a sales role enrolls to WSO2 EMM, the apps specified in the policy will be provisioned to his/her device.

    Admin can view the installed apps of a user via WSO2 EMM.

    The system administrator can view the top 10 apps installed through a report as well.

    Implementation of the above features are dependent on the corporate itself, .i.e. if the corporate decides to host only an App Store Front and not a Mobile App Management console.

    Click here to download WSO2 EMM.