Because itms-services bypasses the App Store review, Apple imposes strict security rules:
Keep in mind that specific behaviors can depend on the device's configuration, iOS version, and the apps installed on the device. Always test such links in a controlled environment to ensure they behave as expected.
When generating the link dynamically (e.g., with JavaScript or a CMS), always encode the entire href. Use encodeURIComponent() on the parameter values, but the ampersand separator must be & inside HTML. Itms-services Action Download-manifest Amp-url Https
If you click your itms-services link within an AMP page and the installation fails, run through this technical checklist to diagnose the issue:
Note: In HTML code, this is often written as &url= to comply with HTML character entity requirements . Because itms-services bypasses the App Store review, Apple
If you’re hosting the manifest and IPA on an internal enterprise server, you still need a public or internally trusted SSL certificate. Many companies use their internal PKI with a root certificate installed on all managed devices. For external beta testers, use a cloud CDN or web host with built‑in HTTPS (e.g., AWS S3 + CloudFront, Firebase Hosting, GitHub Releases, or even a simple Nginx server with Let’s Encrypt).
Let’s walk through a real scenario: you’ve built an Ad Hoc IPA for testers. Use encodeURIComponent() on the parameter values, but the
The URL is constructed from three distinct components that must be formatted precisely to trigger the native iOS installer:
Email the link to your testers or host it on an internal site. When they tap, the installation begins.
: The device downloads and parses a XML-formatted Property List ( .plist ) file known as the manifest.
