Apple Patent Reveals Restricted Enterprise App Store Plans: RIM, Beware

Apple business secure patent

If you're in any doubt that Apple is serious about dominating the enterprise market with its slew of iDevices, eating RIM's lunch right out from under it, then check this: Apple's patenting a way to restrict access to parts of the App Store for specialist enterprise users.

Apple's plan is pretty straightforward: It envisages iPhones (probably in the main) being used by business folk, centrally administered by the company's IT division, with tight restrictions on the kind of apps you can use on the devices compared to the "as you wish" nature of private iPhone uses. The trick is to securely identify both the phone and the user to iTunes, and then present only a limited subset of the app store for access.

This sounds like a nightmare from an "openness" point of view, and Apple detractors will have a field day noting how dictatorial Apple seems to be being, and how it's merely the tail wagged by the demands of big business. But think about it for a moment. I remember when I was given my first corporate BlackBerry, some 7 or 8 years ago. It was expensive, precious (I was warned), and had required no small degree of technical jiggery-pokery in the server room. As such I really wasn't allowed to mess with it too much—not too much Web surfing, don't try downloading attachments to emails, and certainly don't go installing apps you've found for it. This is how many companies think about corporate mobile devices, and with good reason: Mis-use could cost the company a lot of cash, unthinking users could easily mess up an expensive device or even download a virus, and if you did something that disabled or circumvented the device's security, and then lost it, all sorts of company data could be leaked.

This is the mindset Apple's aiming at, with some focus on highly secure use cases—traditionally RIM's BlackBerry's stomping ground.

In Apple's patent, an enterprise iOS device uses encryption to connect to the App Store and the software that's available in the App Store subset has been pre-approved at a corporate level. Downloading of apps to the iPhone can only then happen for approved apps, to approved devices and by approved users. Apple imagines that companies would be able to create "storefronts" to advertise, personalize and control their particular app subsets (which could, of course, include company-specific apps which only employees of the company could gain access to), and users would have to identify themselves somehow to the system so that they could download content.

The Apple patent application for this is highly technical, as you may deduce from the image, but it's mostly concerned with the mechanics by which this form of restricted-access App Store would identify approved phones, and then deliver content—over a secure system—to those phones when users asked for it.

Interesting stuff, especially when you consider the big take-away from this story: Apple's been carefully researching, and patenting, tech in the enterprise sphere with iPhones and iPads specifically in mind for well over a year (this patent was applied for in late 2009). At some point soon, it may choose to expand its iPhone smartphone dominance not merely by adopting a new U.S. carrier, but by carefully embracing an entire market sector, stuffed with buyers with deep pockets—Enterprise.

To read more news on this, and similar stuff, keep up with my updates by following me, Kit Eaton, on Twitter.

Add New Comment


  • Cimarron Buser

    Two big questions here:

    (1) Will this approach work with the way that IT wants to distribute enterprise apps?

    (2) And is this patent only about the enterprise, but perhaps also an attempt to tailor views to user demographics including age and ethnicity?

    (1) Will IT want this approach?

    There are some built in assumptions here. First, that IT staff want to use iTunes as the primary interface whereby employees would "view" their apps (not a given). Second, that only a single platform (IOS) is being used by the company. The approach taken here also assumes that companies will want Apple to act as the "centralized repository" through which all employees access enterprise applications.

    Enterprise mobile app approaches to date have allowed enterprises to "control" the distribution point (e.g., BES server) and enable enterprise authentication methods (e.g., Active Directory) to govern access. In addition, other solutions available today for iOS, such as Apperian's EASE service (, allow enterprises to fully control the access and deploy the service without Apple intervention.

    (2) The Consumer Data Question.

    A look at the claims in the patent shows that Apple plans to showi apps based on a profile using demographic data. Specifically mentioned in five of the claims is the use of "age, ethnicity, location and interest" as part of the data to determine what apps would be displayed. It's an open question as to whether companies will want their employees to be demographically "profiled" as part of their access to corporate and enterprise apps.