Securing a Device

One of the key drivers, if not the key driver, behind Kiosk{ed} development, is to provide a secure platform for delivering educational content, such as assessments. Secure is an overloaded term, but in our use case we mean:

  1. Displayed content cannot be easily copied.
  2. Access to other applications is restricted.
Lock icon

With Kiosk{ed}, you control when a device enters and exits this secure state. We call this state kiosk mode or lockdown mode. In lockdown mode, the application:

  • Displays in full screen mode.
  • Prevents switching to or accessing other applications.
  • Removes all system menus and task bars.
  • Prevents screen capturing and printing.

Lockdown Methods

Kiosk{ed} provides two mechanisms to enter lockdown mode:

  1. AutoLock is a configuration option set at build time. With AutoLock, your application enters lockdown mode when launched. The user can exit the application using a close button on the title bar, but cannot access other applications while the app is running.

  2. JavaScript API methods kiosk.lock() and kiosk.unlock() are the recommended option. With these methods you control when the application enters and leaves lockdown mode. Refer to the JavaScript API for details on how to call these methods from your web application.


Platform Specifics

A uniform mechanism for controlling and verifying lockdown mode is provided across all platforms, but the way lockdown mode works is slightly different for each operating system. This section describes the differences and highlights the features that may require intervention by an admin.

macOS

The following features are disabled in lockdown mode:

  • Dock and System menu are hidden.
  • Spaces is disabled to prevent the user from switching between multiple virtual desktops.
  • Function keys are blocked to prevent launching other applications.
  • Notification Center is disabled.
  • 3-tap lookup gesture is disabled.
  • OS and iTunes update notifications are temporarily blocked.
  • Content is protected from any screen readers.

Windows

The following features are disabled in lockdown mode:

  • Function keys are blocked to prevent launching system menus and other applications.
  • Taskbar is hidden.
  • Accessibility shortcuts are disabled.
  • Power Screen ( CTRL+ALT+DELETE ) options are hidden.

Chromebooks

Chrome OS has a rather unique way of implementing kiosk mode. Kiosk{ed} applications require a little more setup and must be launched directly from the login screen. Once configured, the device locking is handled completely by the operating system.

iOS

Apple has built-in mechanisms for lockdown mode. Automatic Assessment Configuration (AAC) is the most recent method, and has been available since version 9.3.2. Various security and bug fixes have been released since then, so we recommend using version 10.2.1 or later for iPads.

One significant difference for iOS is lockdown mode requires the user to accept the action before it secures the device. The user sees a confirmation screen when kiosk.lock() is called, and must tap Accept to secure the device.


Support Tradeoffs

One trade-off an organization makes is whether the onus of securing a device is on a local administrator or on the application. For example,in a testing center it can be easier to have local technical staff disable certain features of an operating system and not worry about trying to disable those features programmatically. Alternatively, this extra administrative work can be burdensome for a school district supporting many classrooms and devices. Kiosk{ed} provides the programmatic solution to favor ease of use for the administrator.

2018 © Learning Logistics. All Rights Reserved.