VMware Workspace ONE Community
SRuiz78
Contributor
Contributor

How do you block Adult Websites on Android devices

Hello Everyone,

I am new to the group, and I am also a new Workspace ONE UEM Admin.  We recently had an incident with someone watching Adult videos on a company-managed device.  The device is a Samsung Galaxy Tablet Active Pro.  My question is: 

1.  Have you had any issues with users accessing adult content on Android devices?

2.  Do you know of suggestions for dealing with this situation?

The only solution I found is to use the Workspace Web browser in Kiosk mode.  However, because we are using GSuite, we have issues passing the device credentials to the browser for authentication.  With Google Chrome, this is not an issue.  With Google Chrome, I already enable SafeBrowsing, SafeSearch, and Enhanced Protection, but even with this feature turned ON, a user can still enter a URL to a porn site.  I also blacklisted all sites and only allowed company-related sites, but by doing this, some websites have issues loading some of the content.  I was also thinking of using the Private DNS settings, but I can't find a way to configure this from Workspace ONE.  From the Google Workspace Admin Console, there is a setting for Safe search URLs.  However, this is only good for Windows, MacOS, Linux, and ChromeOS (Not for Android).  I am out of Ideas, and I have a support ticket already open with support.  Please, share your ideas or suggestions.  Am I the only one experiencing this issue with Android devices? 

Thanks 

Reply
0 Kudos
6 Replies
AlexBonnaire
Contributor
Contributor

as a Work Managed device, i recommend to use Proxy App to go to internet (Zscaler or other Solutions) , and managed Web access rights through this solution.

 

Reply
0 Kudos
callmegibby
Enthusiast
Enthusiast

Hey SRuiz78,

I use google chrome on Tab Active devices in Launcher (kiosk mode). I have seen the payload for google chrome settings in a profile can be janky. I resulted in using an XML instead... Go to "Profile & resources" then "profiles". Create a profile with just google chrome settings. Once it is saved, click the circle white box and click on XML. You can then copy what settings you are wanting to set/block. For example, I used this below:

<characteristic type="com.airwatch.android.androidwork.app:com.android.chrome" uuid="REDACTED" target="1">
<parm name="AutoFillEnabled" value="False" type="boolean" />
<parm name="ProxyMode" value="system" type="string" />
<parm name="PasswordManagerEnabled" value="False" type="boolean" />
<parm name="SigninAllowed" value="False" type="boolean" />
<parm name="URLBlocklist" type="string">
<![CDATA[["*"]]]>
</parm>
<parm name="URLAllowlist" type="string">
<![CDATA[["Google.com"]]]>
</parm>
<!-- REDACTED -->
</characteristic>

 

This will allow you to block all websites. You can then create a profile under components and just use the XML you desire in a separate profile from anything else you have. We use a proxy on devices which could block this as well since we are on a Private APN and Private Wi-Fi network but better to have it blocked multiple ways. Would highly suggest suggesting a proxy. 

 

Would also highly suggest using Launcher and only giving what is needed to workers. 

Reply
0 Kudos
callmegibby
Enthusiast
Enthusiast

and by in a separate profile, I mean placing the XML in "custom settings".

Reply
0 Kudos
k1lljoy
Contributor
Contributor

Reply
0 Kudos
jasbrow
Contributor
Contributor

Are you managing the Samsung devices with full KNOX management? You can put specific blocks in KNOX but if you are looking for Android traffic in general then Zscaler is a great solution.

Reply
0 Kudos
SRuiz78
Contributor
Contributor

We have decided to use Sentinel ONE Singularity Mobile and integrate Workspace ONE with Sentinel ONE for better control over device security and privacy.  Thanks for the suggestions 

Reply
0 Kudos