
What is Android kiosk mode?

Alma Evans

Apr 8, 2020


Android devices are often written off as unfit for the workplace because of security concerns and worries about distracted employees. Too many consumer features on hand can hurt productivity, as employees may spend working hours on personal activities. Android kiosk mode has emerged as an easy way to block out distractions and improve work efficiency.

The Android kiosk mode

Definition:

Android kiosk mode is a lockdown mechanism to restrict Android devices to a single application, a handful of pre-selected applications or even a web browser.

 
Kiosk mode lets you prevent users from accessing unwanted applications or accidentally tampering with the device settings. Further, the kiosk mode helps in:

  • Limiting employee access to malicious sites and apps, thereby preventing security incidents such as a cyber-attack or a data breach.
  • Cutting down data costs for organizations. Because employees have limited exposure to technological distractions and aren’t spending time on non-work activities, organizations incur no data expense beyond work-related use.
  • Preventing employees from unnecessarily tampering with system settings or device hardware, which may lead to performance deterioration.

Use cases

An interactive kiosk
 

Android kiosks find application in a variety of scenarios, but the most widely seen use case is as an information medium. Single-purpose devices can serve payment collection, ticket printing, cab booking, inventory management, entertainment marketing, and data entry purposes. They have been employed in all major business verticals including hospitality, retail, and other commercial industries. All these applications can be consolidated under two broad categories: employee-facing and customer-facing devices.

Employee-facing devices vs consumer-facing devices
 

Android Enterprise and kiosk mode

The Google-led Android Enterprise program offers different deployment modes to configure devices according to their working environment. Among these modes, a kiosk can be achieved only on devices in device owner mode. Device owner mode is designed for work-only devices and offers an extended feature set; silent deployment of in-house work apps and store apps is the feature most helpful for kiosk deployments.
Android Enterprise even defines a separate deployment scenario of corporate-owned devices for dedicated use, which is a subset of corporate-owned devices (device owner mode). These dedicated devices, formerly known as COSU (Corporate-Owned Single Use) devices, allow organizations to fulfill a specific use case on enterprise-owned employee-facing or customer-facing devices with ease. For a complete lockdown, additional restrictions can be pushed to these single-app or multi-app kiosk-style devices.

User restrictions for complete lockdown:

  • Disable safe boot
  • Disable factory reset
  • Prevent physical media mount
  • Prevent adding a new user
  • Disable volume adjust

Android Enterprise dedicated devices

These are the most restrictive Android devices, performing business-critical tasks focused on a specific purpose. A set of APIs built exclusively for these fully managed devices locks them down to an immersive kiosk running only the whitelisted apps.

Highlights:

  • Can run the lock task mode to disable all the system UI features like navigation keys, status bar, and global actions.
  • Can be shared between multiple users.
  • Can cache APKs that are required for multi-user sessions.
  • Can suspend system updates.

Achieving Android kiosk mode

To build a kiosk mode, several Android system UI features (particularly non-work features) are disabled, ensuring that there is no way to opt out. When an app is set to run in kiosk mode (single app mode):

  • The designated app runs automatically once the device boots.
  • The app will be pinned to the device screen without the choice to close it or switch to another application.
  • Navigation buttons will be concealed.
  • All paths to device settings will be blocked.
  • Calls/messages will be turned off as per the use case.
  • The notification shade won’t work.

There are traditional methods like app pinning that can change each of these behaviors individually to pseudo-lock an Android device, but they can’t be considered full-fledged solutions, as users can easily bypass them by long-pressing some keys, rendering the kiosk useless.
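
On a device-owner-provisioned device, the user restrictions listed earlier and the lock task behaviour described in this section map onto the platform's `DevicePolicyManager` API. The Kotlin function below is an added example, not code from Hexnode or the original article; `lockDownAsKiosk`, `admin` and `kioskActivity` are hypothetical names, and it assumes the calling app has already been provisioned as device owner.

```kotlin
import android.app.Activity
import android.app.admin.DevicePolicyManager
import android.content.ComponentName
import android.content.Context
import android.content.Intent
import android.content.IntentFilter
import android.os.UserManager

// Hypothetical names: `admin` is this app's DeviceAdminReceiver component and
// `kioskActivity` is the single activity the device should be locked to.
fun lockDownAsKiosk(activity: Activity, admin: ComponentName, kioskActivity: ComponentName) {
    val dpm = activity.getSystemService(Context.DEVICE_POLICY_SERVICE) as DevicePolicyManager

    // The calls below throw SecurityException unless the app is device owner,
    // so fail closed instead of running a half-locked kiosk.
    check(dpm.isDeviceOwnerApp(activity.packageName)) { "not device owner" }

    // The five user restrictions from the list above, as UserManager constants.
    listOf(
        UserManager.DISALLOW_SAFE_BOOT,
        UserManager.DISALLOW_FACTORY_RESET,
        UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA,
        UserManager.DISALLOW_ADD_USER,
        UserManager.DISALLOW_ADJUST_VOLUME
    ).forEach { dpm.addUserRestriction(admin, it) }

    // Allowlist the kiosk package for lock task mode; for a multi-app kiosk,
    // list every permitted package here.
    dpm.setLockTaskPackages(admin, arrayOf(kioskActivity.packageName))

    // API 28+: LOCK_TASK_FEATURE_NONE disables the Home and Overview buttons,
    // the status bar, notifications and global actions.
    dpm.setLockTaskFeatures(admin, DevicePolicyManager.LOCK_TASK_FEATURE_NONE)

    // Make the kiosk activity the persistent HOME handler so it is what
    // comes up after boot.
    val home = IntentFilter(Intent.ACTION_MAIN).apply {
        addCategory(Intent.CATEGORY_HOME)
        addCategory(Intent.CATEGORY_DEFAULT)
    }
    dpm.addPersistentPreferredActivity(admin, home, kioskActivity)

    // Enter lock task mode only if the allowlist took effect; for a package
    // that is not allowlisted, startLockTask() is just user-escapable pinning.
    if (dpm.isLockTaskPermitted(activity.packageName)) activity.startLockTask()
}
```

The final `isLockTaskPermitted` check is what separates this from the app pinning described above: a pinned app can be unpinned by the user, while a device-owner-allowlisted lock task cannot.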

Set up using dedicated kiosk applications

Android developers have the option to create dedicated applications that can seamlessly set up a kiosk mode on Android devices. This acts as a quick fix to the reliability problems associated with traditional kiosk configuration methods.
By programmatically enabling screen pinning and gaining device administrator privileges, kiosk applications opened up more possibilities for creating a flawless kiosk experience by adjusting system settings and managing application behavior. As soon as the device reboots, the kiosk app kicks in, and the user is left with no way to manually access the other parts of the device. The notification tray disappears, and the navigation buttons no longer work.
Organizations without very specific requirements can leverage kiosk applications to create some sort of lockdown protocol for their devices. The process, however, involves a boatload of steps, and one mild problem is the time it takes for the app to get updated in Google Play: the user needs to leave the app explicitly and get the new version. But the real issue for kiosk apps in large or medium-sized corporations is scalability. As these apps are not designed to handle large-scale deployments, the method fails when many limited-function devices are needed. Further, a tech-savvy user can tamper with the setup and even find backdoors to easily sabotage the kiosk.
If locking a bunch of devices is the only intent, then kiosk applications might offer some help. On the other hand, if you are looking to remotely manage a large kiosk fleet, change the system features and update the settings often, an MDM solution can offer you more freedom.

Set up using an MDM solution

A consumer-facing Android kiosk device
 

A mobile device management solution makes kiosk configuration simple and straightforward. Hexnode MDM offers a complete set of tools to build a kiosk that caters to the requirements of a varied clientele.


Hexnode offers rapid deployment and provisioning of Android devices, teaming up with no-touch enrollment programs like Android Zero Touch Enrollment and Samsung Knox Mobile Enrollment. Central management of kiosk systems is crucial in countering the security issues associated with improper use by a non-technical user base. Hexnode is a viable option for purposed devices and features remote activation, ensured security and adequate visibility of kiosk devices using the following services:

  • Hexnode Messenger

    Hexnode Kiosk Messenger
     

    Hexnode Messenger acts as an interface to securely communicate with the kiosk device. This messaging module simplifies remote communication by allowing admins to broadcast messages to all the kiosk devices right from the Hexnode console. Hexnode Messenger is especially useful in an enterprise scenario when instructions/notifications have to be sent to multiple end users in real time.

  • Hexnode remote view and control

    Hexnode remote view and control are powerful tools to administer enrolled devices remotely. They let you assist users of your Android kiosks by viewing the device screen from your MDM portal. For Samsung devices, you can take full control of the device’s screen, allowing easy troubleshooting in real time.

  • Hexnode security management features

    Hexnode allows you to enforce stringent policies to secure your kiosk endpoints from cyber threats. You can perform a complete data wipe on a vulnerable device remotely. For device protection, you can pinpoint the geo-location of the device, monitor rule compliance to detect jailbroken devices and remotely lock the device to prevent misuse. For network security, you can choose to remotely configure all the networks via MDM, prevent data leaks through emails, enforce the use of VPN and define firewall rules.

In addition, there are remote actions to restart and power-off devices when needed. The Hexnode MDM portal acts as a coordination point to orchestrate all these activities to build a robust kiosk mode on Android devices.

Rugged devices as kiosks

Rugged devices for field workers

In collaboration with the Android Enterprise OEM Config standard, Hexnode extends support to rugged devices from Zebra, Honeywell, Datalogic, Kyocera and Spectralink. Rugged devices are specially designed smartphones, tablets, laptops, and mobile computers that can withstand harsh operating conditions in factories, warehouses, and field work. In addition to the management extensions and OEM-level capabilities offered by OEM Config, kiosk mode can now be provisioned on these rugged devices. Being durable and user friendly, rugged devices are ideal for use in outdoor environments and provide added benefits when used for kiosk-like functionality.

Android kiosk mode features explained

Generally, the term kiosk mode refers to the stand-alone mode running a single app in the foreground, but if users need access to more applications, a custom launcher is enabled, giving users the freedom to choose between the allowed apps. Web pages can also be launched in kiosk mode by setting the web app as the kiosk app, but a web browser must be whitelisted. To cap it off, let us revisit the main features of each of these modes.

Single app lockdown

  • Can convert Android devices into single-purpose devices operating a business-specific app.
  • The designated app launches automatically once the device powers on and can be configured to run in full screen, blocking all other system functionality. The device can be made to always stay awake if the use case requires it.

Multi app lockdown

Android multi-app kiosk mode
 
  • Allows a set of corporate-recommended apps and features on the device, with a specific app configured to pin to the screen once the device is turned on.
  • Lets you personalize the custom launcher, selectively enable various settings toggles and switch between the allowed apps as and when needed.

Website kiosk

Android website kiosk mode
 
  • Configures the device to run as a kiosk browser to access only the whitelisted websites.
  • Customizes the browser settings to get the perfect kiosk experience tailored for the use case.

Key takeaways

When businesses want to trim running costs without affecting productivity, the key is to save on non-productive time and unwanted expenses. Kiosk mode serves exactly this purpose by significantly reducing employee distractions during work hours. Empowered by a set of advanced capabilities, Android kiosk mode is sure to add several hours to most working days. And the best part is that achieving most of these features is as simple as flicking a single button, if you’re deploying it via an MDM solution.


Alma Evans

Product Evangelist @ Hexnode. Already lost up in the whole crazy world of tech... Looking to codify my thoughts for now...
