iOS and apps

[bazaarboy]

Quick question, and sorry if this isn't the right forum...

At work we need to use mobile devices to access the intranet, and initially we looked at android tablets

Someone suggested the iPod touch. it's much cheaper, small and has a nice screen

for security reasons the mobile devices have to lock down after inactivity and we don't want people accessing any other features (like playing music!)

soooo:

it is possible to use a custom app, to browse the intranet and to limit access only to this app?

 

[SKILL]

Not afaik, apps in iOS have very limited scope and presumably would need to be published in the app store costing money and needing approval from Apple which probably won't come, although I believe as an apple developer you can register a certain number of phones to test apps on, might be enough for you?

If a small device like the ipod touch is suitable how about a cheapo android phone (thinking something like the orange san francisco for ~£80 iirc), this has a fairly decent custom rom community and should be much easier to lock down (initial thoughts would be to remove all apps apart from one to access the intranet, which could be the internal browser but does leave it open to getting apps off the interwebs and installing them...)

 

[bazaarboy]

thinking something like the orange san francisco for ~£80 iirc

just been looking at the ZTE blade too

i think you're right, iOS / apple too difficult to customise in the way that I want, I just registered a project with www.elance.com to see how much an equivalent android app would be

thanks

 

[Chillimonster]

The app side of it could be taken care of via the built in restictions that disables all apps.
The auto lock can be done via a jailbreak tweak, and you can also hide all other things etc via jailbreak tweaks.

As for the app itself, this can be donw in one of three ways.

Officially via apply, but this is long-winded and is unlikely to be approved.
Via a developer account
Via a Jailbreak app that is installed on the required handsets.

 

[bazaarboy]

hmm sounds interesting, though jailbreaking them might be bad in terms of warranty issues - we'd need about 100 devices, so they need to have valid warranties

 

[Darryl_1983]

Would it not be easier to just get netbooks running windows? Probably similar price to ipod anyway.

 

[Chillimonster]

hmm sounds interesting, though jailbreaking them might be bad in terms of warranty issues - we'd need about 100 devices, so they need to have valid warranties

Warranties - just restore back to standard firmware if there is a problem and take it to an apple store

 

[Myshra]

There is no way that you can lock down a phone to the way you want due to it being an end user sole device by design, gpedit world this is not. BB's/Android 2.2+/iOS come with exchange policy override such as PIN requirement, remote wipe, device encryption but they don't lock down network access very well (guess you'd need proxy access too?).

Netbooks will honestly be cheaper and more secure.

 

[bazaarboy]

There is no way that you can lock down a phone to the way you want due to it being an end user sole device by design, gpedit world this is not. BB's/Android 2.2+/iOS come with exchange policy override such as PIN requirement, remote wipe, device encryption but they don't lock down network access very well (guess you'd need proxy access too?).

Netbooks will honestly be cheaper and more secure.

in terms of security perhaps win 7 tablets would be the best, but whats the smallest form factor they come in?

 

[Chillimonster]

Just to put a slightly different spin on this.

We found that by locking down devices at work and restricting use to just work related tasks the 'device' was treated as a 'tool', with high incidences of repairs.

However when we relaxed the restrictions and allowed a little bit of 'freedom' in the use of the device then they were looked after more.

 

[bazaarboy]

Just to put a slightly different spin on this.

We found that by locking down devices at work and restricting use to just work related tasks the 'device' was treated as a 'tool', with high incidences of repairs.

However when we relaxed the restrictions and allowed a little bit of 'freedom' in the use of the device then they were looked after more.

we're not trying to be draconian, the only use for the mobile devices would be accessing the intranet application - people can still check their emails, facebooks etc, just on normal PCs

 

[Myshra]

The way to lock down a phone type device to intranet would be to ship them SIM-less to employees which would leave only wifi I guess (they could provide their own sims but would really only have this incentive if the device was high end).

Assuming you had a device with exchange override you could then sync them to exchange and the security policy which would forfill your lockout requirements but this is going to require a decent device or at least one with android 2.2+ that supports your features (sense and touchwiz based androids) but disabling apps like music is going to require you to either put an app on the device which locks other apps out (Android only) or nigh impossible as they could sideload an app or download one from the market.

Apple iOS supports the following options through ActiveSync if it helps:

security policies
• Remote wipe
• Enforce password on device
• Minimum password length
• Maximum failed password attempts (before local wipe)
• Require both numbers and letters
• Inactivity time in minutes (1 to 60 minutes)
Additional Exchange ActiveSync policies (for Exchange 2007 and 2010 only)
• Allow or prohibit simple password
• Password expiration
• Password history
• Policy refresh interval
• Minimum number of complex characters in password
• Require manual syncing while roaming
• Allow camera
• Allow web browsing

Android by and large is the same.

El-cheapo netbooks for £170 + XP professional + group policy that allows them to be used at home and work might end up being a more usable option.

 

[bazaarboy]

thanks myshra - that's helpful, I've had feedback from elance, and a couple of developers seems sure they can develop an android app for me that ticks all the boxes for about 500 dorrah - will keep you guys posted

 

[SKILL]

Think I've just found your proposal on Elance (gonna have a further look later, seen a few sites of this type this seems a bit higher quality than average though...)

Anyway, you mention the user logging in and being logged out after a period of inactivity, surely this is something the intranet pages themselves should handle rather than the app?

I do kinda agree with Chillimonster though, depending on what the actual information is it might be better to simply create an app for android and allow the rest of the phone to be used as-is, the whole tool vs possession kinda thing, but your choice obviously

 

[bazaarboy]

Think I've just found your proposal on Elance (gonna have a further look later, seen a few sites of this type this seems a bit higher quality than average though...)

Anyway, you mention the user logging in and being logged out after a period of inactivity, surely this is something the intranet pages themselves should handle rather than the app?

I do kinda agree with Chillimonster though, depending on what the actual information is it might be better to simply create an app for android and allow the rest of the phone to be used as-is, the whole tool vs possession kinda thing, but your choice obviously

hehe u found me by the sounds of it

in terms of the logout, just like normal browser sessions the webserver can end a session but the client machine will still display the last page. currently i use a piece of javascript on the client side that redirects to a logout page. i need to be sure that any android app would also logout, either by javascript or the app it self just locks after say 10min of inactivity

 

[Myshra]

the same JS would work in the android stock afaik. If you have a test page I can test it for you if you'd like (obviously minus the secure stuff). Might be worth noting the android browser contains a timeout anyway, after X time it will reload the page if you go back to the browser from any other screen (eg you go from browser to playing game for an hour to browser > page roloads).

 

[bazaarboy]

ok thats helpful - if the client side js works as it does on a PC browser
but: the mobile device must also lock up too after inactivity

just to unveil some of the mystery, we want to use these mobile devices at our hospital.
nurses carry out tasks on the ward, eg measure temperature, blood pressure, give medications etc etc we think we can speed things and improve safety if they can document their work with a mobile device, and by accessing a central web-application

soo: data security is supremely important

 

[SKILL]

I believe you can hook into the webkit back end that has full Javascript support so that bit should work, and either the app locking the phone or a suitable automatic phone lock being set should cover that bit,

Sounds interesting, could you email me on noskilluk <at> gmail.com to have a quick chat?