First Last
asked on
Possible to restrict WiFi so only one app (Apple or Google) can run?
Hello Experts - I'm trying to determine if it's possible to set up a wireless LAN so that only one app from the Google and Apple app stores will run. The goal is to set up a wireless network for our customers to use that will let them download and run our app but nothing else. Possible? If so how would it be accomplished?
ASKER
Thank you for the detailed explanation! Unfortunately this will be for the general public to use and obviously I won't have access to their devices ahead of time. I'm curious about the "Layer 7 proxy" device and how that might work. I called both Google and Apple this morning, both companies said what I want to do isn't possible because the app and play stores both use the same IP/ports for all apps. How could a firewall distinguish between the different apps in order to allow one but block another? Also, can you recommend a specific proxy? I'm not too familiar with the offerings in that category. Thanks again for the info!
ASKER
It's taking me some time to absorb all this and I wanted to thank you again for such an excellent post. I'll go through this in detail and see if it's something I can handle.
In which City/State is the store located? Do you have an implementation budget? :-)
ASKER
No budget unfortunately, doing it on the cheap! :)
The restrictions you're requesting reside in Layer 7 (Application) of the ISO model. This means that you cannot address it at lower layers. In other words, you'd need to develop/utilize a Layer 7 application which essentially acts as a software firewall/policy enforcement program, restricting communication/execution based on the executable name and/or download location.
The Windows Firewall, for example, has the capability to restrict network communication based on the executable name. It's conceivable you could develop a stronger "application authentication" mechanism, based on SHA256 hash or digital signature, etc. of the preapproved application(s). This is known as a "white list".
Additionally, consider placing a Layer 7 application proxy between your WiFi access point and the Internet. This application proxy could restrict URIs (only direct access to the app in the relevant stores permitted, etc.)
It would be an undertaking, though definitely possible. Bear in mind if it's too restrictive it could be considered malware.
All that being said, if this is for Android/Apple devices, you may not have access to lock these devices down in this manner, without them being rooted, etc.
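
Added example, not part of the original thread: a sketch of the allow-list decision a Layer 7 proxy of the kind described above would make. The app identifiers are constructed placeholders and the store listing URL shapes are assumptions. It also shows the case the asker raises: for HTTPS the proxy receives only a CONNECT with host and port, so every app on a store looks the same unless the proxy terminates TLS itself.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed placeholders: substitute your own app's listing identifiers.
APPLE_APP_ID = "id0000000000"
ANDROID_PACKAGE = "com.example.ourapp"

# Hosts a CONNECT tunnel may be opened to (store front ends only).
ALLOWED_TUNNEL_HOSTS = {"apps.apple.com", "play.google.com"}


def allow_url(url: str) -> bool:
    """Decide on a full URL. The proxy has this only for plain HTTP or
    after it has terminated TLS; default is deny."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        return False
    if host == "apps.apple.com":
        # Assumed listing shape: /<country>/app/<name>/<id segment>
        segments = [s for s in parts.path.split("/") if s]
        return "app" in segments[:-1] and segments[-1] == APPLE_APP_ID
    if host == "play.google.com":
        # Assumed listing shape: /store/apps/details?id=<package>
        ids = parse_qs(parts.query).get("id", [])
        return parts.path == "/store/apps/details" and ids == [ANDROID_PACKAGE]
    return False


def allow_connect(authority: str) -> bool:
    """Decide on an HTTP CONNECT request. Only host:port is visible here;
    the path and query that identify the app are inside the TLS tunnel."""
    host, _, port = authority.rpartition(":")
    return port == "443" and host.lower() in ALLOWED_TUNNEL_HOSTS


if __name__ == "__main__":
    ours = "https://play.google.com/store/apps/details?id=com.example.ourapp"
    other = "https://play.google.com/store/apps/details?id=com.example.other"
    print(allow_url(ours), allow_url(other))      # URL view tells them apart
    print(allow_connect("play.google.com:443"))   # tunnel view cannot
```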