Manage private iOS apps

This feature is available with Cloud Identity Premium edition. Compare editions

As an administrator, you can distribute and manage your organization's private iOS apps by adding them to the Web and mobile app list in your Google Admin console. You can control which users can download and install the apps. Unlike public iOS apps, private apps are automatically set as managed and are removed when a user deletes their management configuration from their device.

Users get these private iOS apps through the Google Device Policy app version 3.14 or later on their iPhones and iPads. These apps aren't available through the Apple App Store. Users must be under advanced mobile management.

Before you begin: Prepare app components

A signed app IPA file (1 GB max). For details, see Apple's documentation.
(Optional) An app icon file in PNG format, 512 x 512 px. This icon displays in the Google Device Policy app and the Admin console. For best user experience, use the same icon as in the app file.

Add a private iOS app to the list

Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
In the Admin console, go to Menu AppsWeb and mobile apps.
Click Add appAdd private iOS app.
Enter a name for the app and, optionally, a description. These values help users find the app in the Google Device Policy app.
Click Upload IPA, then choose the app file to upload and click Open. When the upload is complete, the filename, bundle ID, and bundle version are displayed. If you get an error, confirm that the IPA file has the correct structure.
Click Continue.
(Optional) To use an icon, click Select an icon for your app and choose the icon file.
Click Finish. The app's details page opens.
Click User access.
At the left, click the group or organizational unit you want to set user access for. By default, the top organizational unit is selected and the change applies to your entire organization.
Turn user access off or on, as required. For example, to make the managed app available for only some users, turn user access off for the top organizational unit and turn user access on for child organizational units or groups.
Note: When user access is turned on for a group, this setting overrides organizational unit settings. However, you can't explicitly turn off user access for a group. When you uncheck On, users in that group inherit the setting from higher-ranked groups or the user's organizational unit.
If you set user access for multiple groups, review the order of the groups and set their precedence:
1. Click the app and click User access.
2. At the left, click Groups.
3. Drag the groups into the order you want their settings to apply to a user who belongs to more than one group. Put the group with the highest precedence at the top.
Click Save.

It can take up to an hour for the app to be available in the Google Device Policy app on users' devices. If users can't get the app, make sure that you turned on user access for at least one organizational unit or group.

Update a private iOS app

To update your app, you upload a new file with the same bundle ID in your Admin console. The app is automatically updated on users' devices.

Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
In the Admin console, go to Menu AppsWeb and mobile apps.
Find the app you want to update and click it. Tip: Click Add a filter to filter your list by app name or platform.
Click Upload New Version.
Select the new file and click Open. When the upload is complete, the new filename, bundle ID, and bundle version are displayed.
Click Save.

It can take up to an hour for the update to be applied on users' devices.

Edit private iOS app settings

Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
In the Admin console, go to Menu AppsWeb and mobile apps.
Find the app you want to update and click it. Tip: Click Add a filter to filter your list by app name or platform.
Click the section with the settings you want to edit and make your changes.
Click Save.

Set up private iOS apps with managed configurations

Many iOS app developers use Managed App Configuration (AppConfig) to customize apps and allow administrators to remotely deliver settings to managed devices. To learn how to create a managed configuration and assign it to an iOS app, go to Set up iOS apps with managed configurations.

Delete a private iOS app

When you delete a private iOS app in the Admin console, users can still use the app on their devices until they uninstall the app or unenroll the device from Google endpoint management.

Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
In the Admin console, go to Menu AppsWeb and mobile apps.
Find the app you want to delete. Tip: Click Add a filter to filter your list by app name or platform.
Check the box next to the app and click Delete. You can also click the app and then click Delete App.
Click Delete.

What happens to private iOS apps if I downgrade?

If you switch your Google Workspace or Cloud Identity edition to one that doesn't support private iOS apps, you can't manage private iOS apps in the Admin console anymore.

You can't add new private iOS apps.
You can't edit settings for private iOS apps in your Web and mobile apps list.
Users can't find private iOS apps in the Google Device Policy app.
Users who already have private iOS apps can still use them, but new users can't install them.

_{Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.}

Was this helpful?

How can we improve it?