Android Kiosk Mode Workarounds?

Android Kiosk Mode Workarounds?

I've had some of our customers report their users getting around kiosk mode and either installing additional applications or streaming video, causing high data usage overages.  The devices in question are company owned and "should" be used for business purposes only.

I'm trying to make sure the device is locked down as much as possible to prevent this going forward.  Do you guys know of any tips/tricks that users can possibly use to get around the kiosk lockdown to use unapproved applications or stream video directly through the browser.


A few that I have already shutdown after watching the user perform it via Remote Control:

-  Disabled ability to take a screenshot with Feature Control.  Found that users could take a screenshot and then get to other applications within the OS from here.

-  Disabled Multi-User Control with Feature Control.  Found that users could login to a Guest account on the tablet and enter into an entire un-locked profile with no restrictions.

-  Added a Application Run Control which Blacklists a bunch of apps, including many of the built-in applications as well as extensive list of popular games and streaming applications.  As I type this, I realize that maybe a whitelist would be more effective here, but harder to support with different applications across customers, etc....

-  Regularly update device administrator password.

 

 

Are there other workarounds I'm unaware of that a user could manipulate to get around the lockdown?  Swiping down to reveal the drop-down, multi window, etc....

 

 

Thanks in advance

 

 

3 Answers

Order By:   Standard | Newest | Votes
Allen Gulbrand | posted this 24 October 2018

Is this Android+ or AndroidEnterprise?

  • 0
  • 0
Chris R. | posted this 25 October 2018

Android+

 

  • 0
  • 0
Raymond Chan | posted this 25 October 2018

The scope of your question is just so big.  I can write two or three chapters of a book on related topics for different device brands, android firmware versions, Android platforms/device-modes, etc.    However, this will then also serve as a good handbook /checklist for hackers to look for loophole left by careless administrators.  So, I'd rather not do so.

 

I think you'd better check logs of your problematic device and servers, and first narrow down the most probable area that cause your problem.  Then, it will be easier for everyone to focus in subsequent discussions on the solution. 

 

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback