Hi Kasun, I would also agree the fact that we should drop option 2 and the most convenient way of doing it is to create VPN interface in the device and filter network traffic. However, I cannot understand how the "Kiosk mode" would help to do the $subject. Would you please explain it bit further?
Thanks, On Tue, Mar 22, 2016 at 1:05 PM, Kasun Dananjaya Delgolla <[email protected]> wrote: > Hi All, > > In mobile operating systems, what we can do to do $subject is blocking > applications by accessing device network. > > I have been working on the $subject and was able to do a 2 way > implementation using following approaches. > > 1. Creating a local VPN and blocking apps from using device mobile data > and WIFI connections. > 2. Using IPTables to create firewall rules (this requires ROOT access and > not recommendable in off the shelf devices. (Creating IPTable records > require "su" command via android shell). > > From above 2 approaches, if we take EMM theories in to consideration, we > will have to drop option 2 because it compromises access. So we are left > with option 1. > > While discussing, we thought that enabling "Kiosk mode" [1] should also be > a proper solution to address this use case. We can simply enable Kiosk mode > by using our android agent app (since it has device administrator > privileges). But in a usual device (BYOD) this requires user intervention > (user needs to grant access). In COPE mode(where the devices are provided > by the organization and they can vendor sign our agent app so that it can > become a privileged system app), we can simply enable Kiosk mode (Screen > pinning) by making our agent app the "device owner"[2]. > > Therefore I suggest tat we should re-think on $subject and try to make use > of above discussed approach. WDYT? > > [1] - http://www.sureshjoshi.com/mobile/android-kiosk-mode-without-root/ > [2] - https://support.google.com/work/android/answer/6294687?hl=en > > Thanks > -- > Kasun Dananjaya Delgolla > > Software Engineer > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > Tel: +94 11 214 5345 > Fax: +94 11 2145300 > Mob: + 94 771 771 015 > Blog: http://kddcodingparadise.blogspot.com > Linkedin: *http://lk.linkedin.com/in/kasundananjaya > <http://lk.linkedin.com/in/kasundananjaya>* > -- *Milan Perera *| Software Engineer WSO2, Inc | lean. enterprise. middleware. #20, Palm Grove, Colombo 03, Sri Lanka Mobile: +94 77 309 7088 | Work: +94 11 214 5345 Email: [email protected] <[email protected]> | Web: www.wso2.com <http://lk.linkedin.com/in/milanharinduperera>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
