Apple's Guided Access is used to restrict the usage of iOS devices to a single application, in order to be deployed for a single purpose. It is a common way to lock down devices to be used as self check-in kiosks, point-of-sale (POS) terminals at self-service restaurants, digital signage, dedicated displays used for advertising, etc. On enabling Guided Access on the device, specific device settings can be controlled such as the volume buttons, sleep/wake button, touch, etc. When the Guided Access session has to be terminated, the Guided Access passcode has to be entered, which was configured earlier, at the start.
In the case of Android, a function similar to Guided Access, called Screen Pinning can be used to limit the devices' access to specific apps. Here, a PIN can be set up which has to be entered each time the app is to be 'unpinned' or removed from the screen. Configuring Screen Pinning on all the devices in an organization only implies manually enabling the feature on each device, followed by setting a password for each user. Also, as single-purpose devices are widely used in businesses including industries, construction, healthcare, education, and retail, deploying multiple devices with the required app and device restrictions would be a tedious task.
Devices can be remotely provisioned with the required app (single app Kiosk) or a set of apps (multi-app Kiosk) and with advanced restrictions applied, ensuring better control over the devices. Single app Kiosk provisioning ensures the device is locked down only to one particular app and blocks access to the rest of the features and settings. For instance, a device may be provided to a driver to be used only for navigation and is thus provisioned with the Maps app. The rest of the device functionality is restricted.
From the MDM console, multiple Android devices can be provisioned in Kiosk at once without hassle. As MDM provides bulk enrollment of devices using various enrollment techniques to support BYOD, COPE, and COSU environments, the process of on-boarding is quick and seamless. This is beneficial especially in large organizations with multiple departments and specific device requirements.
As a device in Kiosk is locked to a particular app, the user will not be able to access the basic device settings such as Wi-Fi, Bluetooth, Brightness, etc., MDM provides a means to configure these settings. For instance, a device is provisioned in Kiosk with a single app used for an examination at school and the student using the device wants to adjust the brightness. This can be achieved by enabling the Custom Settings app. Users can be allowed to view/modify certain settings as configured on MDM. Also, restrictions can be applied on the Task Manager, Status Bar, physical buttons on the Kiosk device to prevent the user from navigating away from the required screen or factory resetting the device. These restrictions can be revoked as and when required from MDM.
Play Store apps as well as in-house apps, specific to the organization can be silently installed on the devices as Kiosk apps. Also, system apps which are pre-installed with the device, can be provisioned as Kiosk apps. As MDM supports the complete app life cycle management right from app installation, managing app updates as well as app removal, the exhausting process of manually managing the apps is eliminated. In addition to apps, MDM supports provisioning specific web apps or websites in Kiosk which locks the device access to the specific URL content.
As the functionality of a Kiosk device is highly dependent on the app provisioned, MDM provides the option to test the app on specific devices prior to deployment to groups of devices thereby eliminating security and productivity issues due to bugs. This includes testing app updates using the beta version.
Kiosk devices used for self-service purposes are mostly unattended. Usually, issues on devices can be fixed by remotely taking control or viewing the device screen, with the user permitting access to do so. But in this case, fixing issues can be difficult due to the absence of a user. Also, the user, even if present might be a contract employee, who is not technically adept to rely upon. To solve the problem of troubleshooting devices in these situations, MDM provides unattended remote access for Android devices, using which the issues on the devices can be fixed without any user intervention. Additionally, MDM supports a remote chat feature where security commands can be used to temporarily exit and re-enter Kiosk on the device, thereby saving time and cost to the organization.
As single app Kiosk devices are generally used by remote or contract employees, there is a high possibility of the devices being lost or stolen. MDM provides the Remote alarm feature to help in retrieving the device as well as Geotracking feature to track them down. Also, the devices can be locked completely using Lost Mode. Security commands such as Complete wipe or Corporate wipe can be initiated on the device if need be. Furthermore, mobile devices can easily be carried out of the organization premises which in most cases, is not ideal as the devices are meant to be used only within the premises. To address these cases, virtual fences can be set up using Geofencing, so that access to the device is blocked, once it leaves the organization premises or a particular area. Also, the devices can be preconfigured to erase all data on leaving the fencing area, if need be.
Follow the steps given below to provision devices into Kiosk Mode:
The Kiosk profile is associated with the device, thus implementing the equivalent of Guided Access for Android successfully.