Hi All, I have implemented the $subject with VPN. When testing this, I noticed that there are some issues in some devices when blocking the connection.
What I do here is, making a local VPN via agent app (needs user permission), and direct other app traffic through this. And detect the app which we wanna block using the package manager and block access with the help of a local service (capable of listening other app connectivity) I have implemented. I have tested this on 2 devices. It worked on one and failed on the other. When I did some further digging, I got to know that some devices are not allowing app traffic blocking. So I believe that this mechanism wouldn't be a global solution. I suggest that we should go with Marshmallow's app restrictions API. As the device owner, we should be able to restrict apps from accessing internet with this. WDYT? Thanks On Mar 23, 2016 11:27 AM, "Dilshan Edirisuriya" <[email protected]> wrote: > Hi, > > IMO the kiosk mode approach is wrong. Kiosk mode solely for use cases > where you have just one single app in foreground such as having a STB in > airport, when conducting exams etc. Inorder to cater your requirement we > can go for VPN. But we need support generic VPN types like L2TP, PPTP, > IPSec etc. and to add firewall rules around them. Another thing we can do > is if they come up with their own enterprise applications, applications > should be able to establish the VPN connection on its own which we call it > as per app VPN. Either way it has to go towards that approach. Otherwise we > may have to look for firewall type operations in Android SDK. > > Regards, > > Dilshan > > On Tue, Mar 22, 2016 at 8:46 PM, Kasun Dananjaya Delgolla <[email protected] > > wrote: > >> Hi Milan, >> >> The scenario you described is anyways covered via blacklisting + >> whitelisting. So as I said before, we should carefully decide on the >> approach to provide the best solution to this. >> >> Thanks >> >> On Tue, Mar 22, 2016 at 8:05 PM, Milan Perera <[email protected]> wrote: >> >>> Hi Kasun, >>> >>> In that case most organizations need to give access only to a certain >>>> app which they would allow the end user to use. We can achieve that in >>>> Kiosk mode cleanly. Kiosk mode will enable us to enable a *certain app* >>>> in a certain time interval disabling all other apps from usage. >>>> >>> >>> We cannot assume that an organization will only use "*a certain app*". >>> Because most of the time, they use more than one. For an example, lets say >>> they have in house built enterprise apps which all should be allowed to >>> access network. But enabling only one app as in Kiosk mode will not >>> address the issue. >>> However if we are to use Kiosk mode in that way, then we should have to >>> use some other method like creating a new Launcher App for Android and >>> enable only white-listed apps in the launcher. In that way we can restrict >>> the use of other apps. >>> >>> Regards, >>> -- >>> *Milan Perera *| Software Engineer >>> WSO2, Inc | lean. enterprise. middleware. >>> #20, Palm Grove, Colombo 03, Sri Lanka >>> Mobile: +94 77 309 7088 | Work: +94 11 214 5345 >>> Email: [email protected] <[email protected]> | Web: www.wso2.com >>> <http://lk.linkedin.com/in/milanharinduperera> >>> >> >> >> >> -- >> Kasun Dananjaya Delgolla >> >> Software Engineer >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> Tel: +94 11 214 5345 >> Fax: +94 11 2145300 >> Mob: + 94 771 771 015 >> Blog: http://kddcodingparadise.blogspot.com >> Linkedin: *http://lk.linkedin.com/in/kasundananjaya >> <http://lk.linkedin.com/in/kasundananjaya>* >> > > > > -- > Dilshan Edirisuriya > Senior Software Engineer - WSO2 > Mob: + 94 777878905 > http://wso2.com/ > https://www.linkedin.com/profile/view?id=50486426 >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
