Android 9 setup (+ auto start with pin)

Forums Service Issues Setups & Configurations Android 9 setup (+ auto start with pin)

  • aleppo
    January 28, 2020 at 4:14 am

    I’m trying to set up CleanBrowsing on an Android 9 to have a secure pin and auto-start upon restart.

    The auto start feature works fine is there is no pin set. But if there is a pin, I am required to enter the pin to enable CleanBrowsing every time upon restart. This makes it very easy for someone who is prevented from turning off CleanBrowsing by a pin to disable CleanBrowsing by simply restarting the phone.

    Is there any way for me to activate CleanBrowsing, set a pin, and then restart the phone so that the app is always active and there is no way to turn off CleanBrowsing unless you have the pin code?

    Also: is there any way to hide the Android system VPN status icon from the pull down menu and lock screen of the phone?

    Daniel Cid
    January 30, 2020 at 12:56 am

    For Android 9, maybe use their new Private DNS option instead of the App?

    https://cleanbrowsing.org/guides/dnsovertls

    It should work better and cover you if the App is off (not VPN required).

    thanks!

    SamH
    January 31, 2020 at 12:37 pm

    I played around with various options and the Private DNS setting available in Android 9 is by far the simplest and most reliable. Here’s instructions… https://support.google.com/android/answer/9089903

    This then allows other useful tools like NetGuard to run as the “VPN” app.

    SamH
    February 27, 2020 at 4:52 am

    I played around with various options and the Private DNS setting available in Android 9 is by far the simplest and most reliable. Here’s instructions… https://support.google.com/android/answer/9089903

    This then allows other useful tools like NetGuard to run as the “VPN” app.

    aleppo
    February 27, 2020 at 4:52 am

    The suggestions to use PrivateDNS do work — the only drawback is that they are easily disabled.

    To set up PrivateDNS, you go to Settings > Connections > More Connection Settings and select Private DNS. Here you can enter one of the cleanbrowsing DNS hostnames (https://cleanbrowsing.org/guides/dnsovertls) in the box provided. And it works quite well.

    The big downside here is that someone can very very easily go in and just turn off PrivateDNS if they want to circumvent this filter.

    I’m wondering if there is a way to lock down a phone so that it always uses the PrivateDNS and is not easily disabled by toggling settings or restarting the phone.

    KingHolly
    December 29, 2020 at 11:51 pm

    @aleppo
    My reply seemed to not go through. It is possible it will still go through eventually, so apologies for any double posts.

    Here is a tip for Android users out there. A much more robust solution and not too difficult to setup. The approach is to go the route of device policy management. In this instance you do not need any enterprise hosted solutions, but only the Test DPC app (https://github.com/googlesamples/android-testdpc). It can be downloaded from the Play Store. It is basically an app provided by Google to help developers see how their apps work in the context of a restricted device. It is also an app to showcase the latest in Android Enterprise management.

    Steps Summary:

    Install and provision Test DPC as a device owner. This will give you more control over restrictions. If you do not want to wipe your device before provisioning, you can use adb to programmatically set Test DPC as device owner. See the GitHub link above for instructions.
    Set profile settings within Test DPC app as desired
    Lock usage of Test DPC app through a robust app locker. This step insures your settings made within Test DPC cannot be changed.The app locker needs to to prevent the user from removing it as an admin app after that access has been granted. Truple Web Filter for example prevents this change once the filter has been enabled.
    As you can see from the list of some of the useful settings below, this approach is more akin to hardening than a simple app locker app that likely has many workarounds. Big tech companies obviously are addressing parental controls as an afterthought, but where they are focusing their efforts is on enterprise. That is where the money is. Fortunately for us, many of the features developed for enterprise are exactly what a parent or individual is looking for in order to harden their devices against unwanted content and workarounds. Now the trick is for us consumers to voice our desire to have some of these features packaged in a more consumer friendly format. We may never see that request fulfilled, but tech savvy individuals can make due with using enterprise technologies in a consumer/home environment.

    An additional approach well beyond the scope of the Test DPC app is for those that are SUPER tech savvy would be to fork your own version of the Android Open Source Project (AOSP). Many of the enterprise configurations can be baked directly into the operating system through the use of configuration files. This would provide consumers a potentially simpler way to get devices that are hardened out of the box against undesired content as well as prevent circumvention of restrictions which come in a variety of ways unknown to most parents and individuals. Just some musings and tips here!

    Here is a list of some useful settings to use in the Test DPC app (not their exact names):

    Block UNinstallation of select apps
    block INstallation of any app
    block INstallation of third party apps and APKs
    enforce private DNS settings (CleanBrowsing)
    block System WebView if you use want to use a restricted browser without workarounds (installing a new WebView is possible, but technically challenging)
    block VPN usage
    disable ADB debugging and developer settings
    prevent factory resetting of device
    block app stores (not necessarily needed if you already block installation of apps)
    prevent multi user support and new user creation
    disallow safe mode
    suspend or hide certain apps you want to keep on the device but only use temporarily when unlocking restrictions through Test DPC.

    CleanBrowsing Admin
    January 24, 2021 at 12:25 am

    Hi Everyone

    Sorry for the delay. If you have a minute, we just released the Android app in the Google Playstore.

    It should address some of the issues we have been having with Pin, Auto-Restart and it now uses DOH for all communication.

    Thanks

    KingHolly
    January 28, 2021 at 5:58 am

    Hello, I searched the Play Store and I did not find the app. Has it been released yet? Or was it removed from the Play Store for any reason? Thanks.

Tagged: