A very* scientific poll about deploying third party macOS apps

 * not at all scientific

Photo by Randy Fath on Unsplash

Deploying apps to managed macOS devices is like playing a game of chess. Strategy, moving pieces (some moves you can see, some you can't), making educated guesses about what might happen next, and lots of crossing your fingers and hoping (or maybe that's just me, I'm not particularly good at playing chess 😅). 

There are two primary methods for deploying third-party applications to macOS devices: Apps & Books (the artist formerly known as the Volume Purchase Program/VPP) and direct download installers. 

Apps & Books is Apple's method for distributing applications published in the app catalog for the App Store, with licensing (free or otherwise) available to purchase in an organization's Apple Business/School Manager (AXM for short here) portal. Once a working relationship is setup between AXM and a MDM server the server can facilitate the installation of those licensed apps. 

Direct download means the vendor of the application provides a copy to download and install manually. The installer can come in all sorts of flavors (e.g., pkg file, inside a disc image/DMG, zipped, a pkg of a wrapper that itself installs the actual app). Many podcast episodes, conference talks, instances of hallway chatter, Slack team channels, Twitter threads, etc., have been consternated over topic. Awesome tools like AutoPkg and Installomator have been created to help admins take direct downloads and make them deployable.

This is very reductionist and probably nothing new to most people that read this blog. The only reason I bring it up is recently I decided to hold a very (not) scientific (social media) poll to see what deployment method folks in the Apple device management space prefer.

When it comes to Mac app deployment do you prefer:
- Apps & Books (formerly VPP) distribution
- Direct download distribution (pkg/dmg, from vendor/AutoPkg, deployed by a management framework via policy or Self Service/MSC/etc.)

— Dr. K 🖤 BLM 🏳️‍🌈🏳️‍⚧️ (@emilyooo) July 20, 2021

A clear majority (78%) said their preferred method was direct download. The replies were about what I was expecting (probably because of my biased position of also preferring direct downloads to Apps & Books).

I would prefer Apps & Books if it worked consistently. But it does not, so I avoid whenever possible.

— Patrick Gallagher Jr (@patgmac) July 20, 2021

Things lacking from VPP:
• Reliability & Consistency
• Readable logs
• Predictable update pushes
• Methods for test/debug/retry

But it's moot anyway since most of the software our users need isn't available in the app store.

— Per Olofsson (@MagerValp) July 20, 2021

Reliability of Apps & Books/MDM has just never been good enough. I’ll have to hear from the community that it’s substantially better before I’d try it again.

— John Wetter (@johnwetter) July 20, 2021

As much as I love not having to package with Apps and Books, it is too flakey and impossible to troubleshoot. Also, can’t run post install scripts with A&B..that kinda stinks.

— Jawn M (@floydiandroid) July 20, 2021

I set up a poll on LinkedIn and the results were nearly identical. So were the comments.

Screenshot of a LinkedIn poll I posted. (Source)

I like the simplicity of apps & books, but prefer the reliability of direct download.

100% this. I love not having to worry about patching and packaging apps but it’s just too flakey.

The breakdown of who voted for what option is pretty interesting. The folks that voted "direct download" are largely engineers managing endpoints as part of their daily responsibilities. Those that voted for Apps & Books were largely folks with Sales in their title. I find that pretty interesting. Folks that are hands-on need more control over the process. People that see the best of the Apple ecosystem see Apps & Books as the best choice. 

It seems like a lot of respondents want Apps & Books to be a viable option but maybe we're just all control freaks? 

Apps & Books aims to make deployment simple and remove the complexity of requiring packaging an application installer, but it lacks the ability to add pre- or post-install scripts like a custom-built installer package. And with tools like AutoPkg at an engineer's disposal it's very easy to not only automate the building of a custom installer with pre- and post-install scripts, but also automatically upload it to management frameworks and even update policies that control the deployment of the app.

Part of where I get hung up, which Per mentioned above, is that not all apps are in Apps & Books. On the flipside, there are apps that are only in Apps & Books with vendors that do not supply a direct download. The inconsistency is a bummer from an engineering perspective. Consistency means visibility, understandability, and expected behavior and outcomes. Having to split deployment approaches for apps out of necessity creates complexity and we're all busy people with a lot on our plates, you know?

It seems like a lot of people want to love Apps & Books but there are too many layers of abstraction to see it as a dependable deployment method to rely on for macOS.

If you didn't vote in the polls: what do you think? Leave a comment. I'm genuinely curious and love hearing what folks in the Apple device management space think about this.