Android Kiosk management
Kiosk mode provides complete control over the device usage and ensures that the devices can be used only for the intended purposes. Android can run tasks in a kiosk mode by configuring lock task mode settings. . This feature is applicable only for company-owned devices. When lock task mode feature is enabled, a fully-managed device becomes a dedicated device. In a dedicated device, the device user can access only the apps allowed as per the active policy.
Lock task mode feature allows the Administrator to disable all the major system UI features, such as notifications, home button, recent apps button, and global actions. WebUI allows Administrator to configure a policy to allow a single app or multiple apps to be installed and locked on a dedicated device.
- Prerequisites
-
- Device must have Android version 6.0 or later.
- Device must be a dedicated device enrolled as Device Owner in Android Enterprise.
Single app kiosk mode
Lock task mode that restricts device access to a single application runs the device on single app kiosk mode. These dedicated devices in kiosk mode run a specialized application with minimal device functionalities. You can set your app as the device’s home app so that it is launched automatically when the device starts up or even rebooted.
To enable kiosk mode on a device, specify a designated kiosk app for the device by
setting its installType
to KIOSK
. This designated
kiosk app launches automatically when the device boots.
"applications": [
{
"packageName": "com.example.app",
"installType": "KIOSK",
"defaultPermissionPolicy": "GRANT"
}
]
Multiple app kiosk mode
Lock task mode can also allow to install multiple apps pertinent to the organization's requirements and lock down a device on kiosk mode. However, kiosk mode limits the device usage to the specified applications by running only those apps the user needs to access.
A device can only have a single designated kiosk app (installType
set to KIOSK
). However, if a kiosk app links to other apps, these
additional apps can be added to applications
. Ensure that the
installType
for any additional apps is not
KIOSK
or BLOCKED
.
"applications": [
{
"packageName": "com.example.app",
"installType": "KIOSK",
"defaultPermissionPolicy": "GRANT"
},
{
"packageName": "com.example.app_to_be_linked",
"installType": "FORCE_INSTALLED",
"defaultPermissionPolicy": "GRANT"
}
]
Device User Experience
- Only apps that are allowed through the policy are accessible. The users can click and navigate through the allowlisted apps and can not leave out of lock task mode.
- All other apps and other screens including the homescreen, notifications, and all other screens become inaccessible.
- The allowed app is pinned to the device screen and the device user cannot exit the app screen.
- Device user cannot be unenrolled.
Enabling lock task mode
- Create a custom policy to configure an app or set of apps to be installed on lock task mode.
- Upload the policy through WebUI.
- Add the created app policy to a policy group targetted for dedicated devices.
- Deploy the policy group to MDM server or directly onto the selected devices.
{
"safeBootDisabled": true,
"screenCaptureDisabled": true,
"factoryResetDisabled": true,
"cameraDisabled": true,
// Specifies that system updates will be auto-installed during a daily
// maintenance window between 2am and 4am.
"systemUpdate": {
"type": "WINDOWED",
"startMinutes": 120,
"endMinutes": 240
},
"kioskCustomLauncherEnabled": true,
"keyguardDisabled": true,
"applications": [
{
"packageName": "com.microsoft.office.outlook",
"installType": "FORCE_INSTALLED",
"defaultPermissionPolicy": "GRANT"
},
]