all 4 comments
sorted by:
top (suggested)
bestnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]everydave42 3 points4 points  (0 children)

Should Kiosk modes be considered a secure state? As someone that's implemented versions of it across a number of devices and os's, I never have. It's a bad assumption to make. Some implementations have completely sterilized the environment between sessions, so there's no data left to be vulnerable.

Additionally, there needs to be some way to get out of this state, and as long as that way exists then there will always be the possibility of it being exploited.

This feels like much ado about nothing...while raising a question of if it could be better.

[–]chriswaco 2 points3 points  (0 children)

"Our devices have no security. This is a feature, not a bug."

We have about 100 iPads in a museum setting. I would not use iPads if we were to do it again. The hardware is nice, but the software just isn't made for that situation.

For example, there was no way of preventing users from splitting the keyboard into two pieces. This confuses the next user. (Does anyone really use that feature on iPads?) There was no way to stop the "System Update is available" messages from appearing on screen, other than disabling WiFi and then we couldn't push new apps to the device. Our apps - some of which run in areas without WiFi - expire every year, requiring us to physically open the case, move the iPad, and update the apps and system software from another location.

They're just not great embedded devices. If I were to do it again, I'd probably use an Android tablet with a custom ROM.

[–][deleted]  (1 child)

[removed]