I've been asked to help set up a tablet or pc for a public kiosk so that people can sign up to a mailing list. I'm wondering if anyone has done this, and what they found out along the way?
I see there's an android app that might help, called
SureLock. It would probably allow us to have a browser app open locked to a particular webpage with a form. However, there might be better options.
Edit: I sent a quick message to the company that sells SureLock, and they pointed me to a similar product called SureFox which can apparently
do what I want however I'm still interested in other options.
First off is to ensure the kiosk itself has not other interfaces wired, or wireless or even external USB for unintended plug in trial out.
Second is to ensure the OS and application are locked down locally to run only specific apps which the kiosk is going to allow the public to use, and not other more. E.g Disable all unnecessary and non essential OS/apps accounts, and services. Do the necessary audit trails and disable an form of remote login attempt and allow least privileged account login only - no anonymous account if possible.
Third, enforce it as standalone and only has internet connection via a proxy installed to enforce web browser used with web apps to go thru it. Disallow any form of other means to internet except via the installed proxy. Of course the whole kiosk UI cannot be minimised or reboot or bypass into file explorer or into device management console or equivalent setting ... go for clean minimalist UI interfaces to minimise exposure for abuse and tampers. but must allow patching of software in offline mode via the admin account (this normally needs some server side management support).
Fourth, (good to have) go for Mobile Device Management based which can have policy enforcement and allow "reset" state upon reset or reboot if possible (i know of deepfreeze in workstation but not much in Mobile device though)
Some example include:
a) Kiosk Web Browser/Launcher
b) clyd kiosk standalone
c) KioWare has both for mobile OS and Window OS based which may be more comprehensive with management capability too.
d) In fact iOS can be consider with mobile app lock down as well. This is mostly allude to 'Store Demo' mode. There is also mention of iOS 7 includes an 'App Lock' payload as part of the device configuration profile. From the Apple docs: "By installing an app lock payload, the device is locked to a single application until the payload is removed. The home button is disabled, and the device returns to the specified application automatically upon wake or reboot."