IBM Security MaaS360

 View Only

VPP Next Generation

By Anuradha Singh posted 26 days ago



In today's fast-paced digital landscape, mobile applications have become an integral part of our personal and professional lives. As a result, efficiently managing and distributing these apps within organisations has become a crucial challenge. Apple's Volume Purchase Program (VPP) has been a helpful solution for schools and businesses to purchase and distribute apps in bulk. But as technology evolves, so does the need for better tools. In this blog post, we're going to talk about VPP Next Generation and how it's set to transform the way organisations handle their mobile app deployments.

What is VPP:

VPP stands for Volume Purchase Program. It is a service that allows organisations or educational institutions to purchase corporate apps in bulk, and silently deploy and manage them on devices. Using Apple VPP, organisations can purchase and distribute apps to all Apple devices including iPhones (iOS), iPads (iPadOS) and Macs (macOS). Organisations can integrate Apple VPP with their preferred mobile device management solutions, purchase app licenses and silently install apps on managed devices.

VPP has three primary components:

  1. Token
  2. Apps
  3. Devices/Users


VPP Token is an auth identifier of apple server having apps and their license/codes details.  VPP token allows MaaS to fetch a specific VPP resource from Apple. 


Applicable for:

  • iTunes Store Apps with licenses


User Based VPP: App license can be associated with user.  One user can use same licence on 5 devices.  User can be identified uniquely on Apple server by using clientUserIdStr.

Device Based VPP: App license can be associated with device.  Device can be identified uniquely on Apple server by using Device Serial Number.

OS Version:

  • User Based VPP (iOS 7 Later)
  • Device Based VPP (iOS 9 Later)

The Evolution of VPP:

The Volume Purchase Program, which Apple launched back in 2010, was originally designed to serve educational institutions and businesses. It simplified the process of buying iOS apps in bulk, making it easier to distribute and manage apps across numerous devices. However, with the rapid progress in mobile technology and the increasing complexity of app management, the old VPP started showing its limitations.

Some of the limitations of the traditional VPP were:

  1. Limited App Types: The original VPP was primarily built for iOS apps and didn't cover other platforms like macOS or tvOS.

  2. Device Management Challenges: It lacked efficient ways to manage devices and app installations.

  3. Complex Licensing: Licensing and distribution weren't as flexible as needed, leading to inefficiencies and administrative headaches.

Introducing VPP Next Generation:

To address these limitations and keep up with the constantly evolving tech world, Apple introduced VPP Next Generation. This is a major revamp of the old VPP program, designed to provide a more comprehensive solution for organisations. Some key improvements and features include:

  1. Cross-Platform Support: One of the most notable benefits of VPP Next Generation is its support for a variety of Apple platforms, including iOS, macOS, and tvOS. This enables organisations to manage apps across a wider range of devices, ensuring a more comprehensive app management solution.

  2. Enhanced Device Management: VPP Next Generation incorporates robust Mobile Device Management (MDM) integration, allowing organisations to have control over app installations, updates, and device management. This feature enhances security and streamlines device management processes.

  3. Unified Licensing: It simplifies the licensing process, making it easier for organisations to purchase and deploy licenses across their devices. This streamlines administrative tasks, reduces costs, and ensures compliance with licensing agreements.

  4. Improved Reporting and Analytics: The program offers detailed analytics and reporting features, providing organisations with valuable insights into app usage, user behaviour, and device performance. These insights enable data-driven decision-making and help organisations optimise their app deployments and strategies.

  5. Cost Savings: Streamlined licensing and bulk purchasing options can result in cost savings for organisations. With VPP Next Generation, organisations can efficiently procure and manage licenses, reducing unnecessary expenses and administrative overhead.

  6. Enhanced Security: The integration of MDM tools and the ability to manage app installations and updates more effectively enhance security. Organisations can ensure that apps are up to date, compliant with their policies, and maintain a higher level of data security.

  7. User Experience: The revamped user interface in VPP Next Generation improves the overall user experience. Users will find it more user-friendly and intuitive, making app management and deployment more efficient.

  8. Simplified Administrative Tasks: VPP Next Generation simplifies various administrative tasks related to app procurement, distribution, and management. This, in turn, reduces the workload for IT and administrative staff, enabling them to focus on more strategic tasks.

  9. Scalability: VPP Next Generation is designed to accommodate the needs of organisations of all sizes, from small businesses to large enterprises and educational institutions. Its scalability ensures that it can adapt to an organisation's changing app deployment requirements.

VPP Use cases:

Create a VPP Token and add apps to the token :

  1. Login to the ABM site with your apple ID credentials. 
  2. Navigate to "Locations" and click on Add. Add all the details and click on Save.
  3. Details of the token created will be visible as below; such as date the token was created, the date it was modified.
  4. To add apps to the token navigate to "Apps and Books".
  5. Click on any app and select the token we need to add app on. Assign licenses and click on Get.


Token upload and sync :

  1. Upload VPP token file selecting the region in the UI. Select 'Add Apps Automatically', if apps need to be automatically added to the app catalog.
  2. Once the Policy details and Distribution details are set, the token is successfully uploaded.
  3. Token Details(Token name, Country Name, User groups,Users, Last Sync Time, Update time, Expiry Date, Status, App Addition Status) and History Tracking(History with token details) on the token should be displayed to the Admin.
  4. On Token Upload is complete, Apple web services to get Assets, Users and Assignments for the given token are called and we persist this data in DB.

Token update and disable :

  1. Token actions like disable is a feature to delete the uploaded token.
  2. Token update can be used to update the token with - a new token name, updated expiry date. However, it is used to update the same token which is uploaded already. Uploading a new token altogether throws an error.

App Distributions (Associations) :

  1. We can get all Assets associated with the token using passing sToken. These apps will be displayed as a part of App Catalog once the VPP token is uploaded.
  2. When an app is distributed to a device/user, Apple API is called asynchronously to associate asset to users and devices using passing the ManageAssetsRequest in the body which contains array of Assets and array of clientUserIds(User License) and serialNumbers(Device License)
  3. When Reclaim of License happens, in the following scenarios, Apple API is called asynchronously to disassociate license from the asset.
    1. On device App Catalog, when the user clicks on Dissociate
    2. On Portal, in the Device/User/App view, license can be dissociated.
    3. On selection of Release VPP License on Stop Distribution.

User status management :

  1. When the user chooses to distribute an app via User License, VPP User will be created with the Apple API which is used to asynchronously add user to the VPP token. New Apple API - Response will contain the invitationCode.

  2. After creation, MDM has to invite users by sending the REGISTERED user an email with an invitation link. GetUsers API will have the invitationCode for the particular Registered User. Once the user accepts the invite on the device, API associates the user's appleId with the managed location.  User is now ASSOCIATED- Old API for registerUserSrvUrl deprecated- 

  3. To update and retire a user, use & respectively passing  ManageUsersRequest the in the body.


The launch of VPP Next Generation marks a significant leap forward in mobile app management for organisations. With its extended cross-platform support, robust device management capabilities, and improved user experience, this new iteration of the Volume Purchase Program promises to revolutionise how businesses, schools, and other organisations efficiently manage their app deployments.

As technology continues to evolve, the demand for more advanced and flexible solutions will only grow. VPP Next Generation is a clear indication of Apple's commitment to meeting the ever-changing needs of its enterprise and educational customers, ensuring they can make the most of mobile technology without compromising on security or efficiency.