Securing a Device
One of the key drivers (if not the key driver) that lead to the development of the Kiosk{Ed} application is to provide a means for delivering educational content, like assessments, in a secure fashion. Secure is an overloaded term, but for our use case we mean that:
- Any content being displayed cannot be easily copied.
- Students are unable to access other applications.
The Kiosk{ed} application gives you the ability to control when it enters and exits this secure state. We call this state kiosk mode or lockdown mode. While in lockdown mode, the application:
- Displays in full screen mode and prevents switching to or accessing other applications.
- Removes all system menus and task bars.
- Prevents screen capturing and printing.
Lockdown Methods
Kiosk{ed} currently provides two mechanisms for entering lockdown mode. The first uses a configuration option called AutoLock that can be set to true at build time. With this option, your application will enter in to lockdown mode as soon as it is started. The user is able to exit the application using a close button on the title bar, but unable to access other applications while your app is running. The second and recommended method is to secure the application programmatically using the Javascript API methods kiosk.lock() and kiosk.unlock(). With these methods you can control when the application enters and leaves lockdown mode. See the documentation on the [Javascript API] for more details on how to call these methods from your web application.
Platform Specifics
A uniform mechanism for controlling and verifying lockdown mode is provided across all platforms, but the way lockdown mode works is slightly different for each operating system. This section discusses those subtle differences.
macOS
Windows
iOS
There support for lockdown mode has evolved over the last few major versions of iOS, but the latest method called Automatic Assessment Configuration (AAC) first available in version 9.3.2 works quite well. There were a few minor issues in the initial version that were later fixed along with a few other security fixes and we highly recommend using version 10.2 or later for iPads. AAC allows us to progammatically secure iPads and you can use the kiosk.lock and unlock methods to control the timing of these actions.
Chromebooks
Chromebooks have a rather unusual way of implementing kiosk mode.
- Talk about the rational for lockdown mode.
- Define lockdown. Anything that might compromise test content or allow the user to access other access.
- List key OS features that are restrained.
- Talk about platform differences.
- AutoLock vs Programmatic Locking/Unlocking
- AutoLock can be defined in the application configuration and will lock the device on launch. This is the easy case and requires no integration work. A close button is available at all times to allow the user to exit, however they are given a warning before closing.
- Some applications require more control over lockdown, therefore the application can also programmatically locked/unlocked via the javascript api. In this case, the application will not show a close button while locked, so you need to ensure that you provide that feature.
- Lock code sample.
- We’ve made it so that you can start with AutoLock and then easily migrate to programmatic locking.
- Handling accessiblity tools.