I've had some of our customers report their users getting around kiosk mode and either installing additional applications or streaming video, causing high data usage overages. The devices in question are company owned and "should" be used for business purposes only.
I'm trying to make sure the device is locked down as much as possible to prevent this going forward. Do you guys know of any tips/tricks that users can possibly use to get around the kiosk lockdown to use unapproved applications or stream video directly through the browser.
A few that I have already shutdown after watching the user perform it via Remote Control:
- Disabled ability to take a screenshot with Feature Control. Found that users could take a screenshot and then get to other applications within the OS from here.
- Disabled Multi-User Control with Feature Control. Found that users could login to a Guest account on the tablet and enter into an entire un-locked profile with no restrictions.
- Added a Application Run Control which Blacklists a bunch of apps, including many of the built-in applications as well as extensive list of popular games and streaming applications. As I type this, I realize that maybe a whitelist would be more effective here, but harder to support with different applications across customers, etc....
- Regularly update device administrator password.
Are there other workarounds I'm unaware of that a user could manipulate to get around the lockdown? Swiping down to reveal the drop-down, multi window, etc....
Thanks in advance
