Security Features

Enterprise Browser 3.3

Overview

Enterprise Browser offers numerous security features implemented in various ways and through different interfaces. Below is a summary of EB security features with links to the relevant documentation for each.


Basic/Digest Authentication

Enterprise Browser supports pages that are password-protected with basic and digest authentication. The tags for this feature are located in the <authentication> node of the EB app's config.xml file.


Client and Server Certificates

Enterprise Browser supports access to web sites that are protected with client- or server-side certificates. This is documented in the <Certificates guide>.


Compliance with TLS 1.2, SSL3

Enterprise Browser supports Secure Sockets Layer (SSL) and the newer Transport Layer Security (TLS) protocols, detailed in the EB Compliance Guide.


Device Lock-down

When tight control over device settings and/or apps is required, Enterprise Browser 1.6 and higher integrates with Enterprise Home Screen, Zebra's free Android device lock-down solution.

See the Enterprise Browser Device Lock-down Guide for complete instructions.

Also see Kiosk Mode Enhancements, below.


Scoped Storage for Android 11+

Enterprise Browser 3.3 (and later) targets Android API level 30 (or later), which enforces storage restrictions on devices running Android 11. While the restrictions apply only to apps running on devices with Android 11 (or later), apps that are modified for these restrictions are compatible with older Android versions, so Zebra recommends adopting changes for compliance with scoped storage restrictions in mixed environments and to "future-proof" apps.

See the Scoped Storage Guide for more information and usage instructions.


Security Config Tags

The following security features can be implemented in an app's Config.xml file.

Web Security Features
  • <ApplicationCacheEnabled> - allows an HTML5 app to be stored locally for added security, off-line operation, improved speed and reduced server load.
  • <ApplicationCacheOnExit> - erases a cached HTML5 app upon exiting it.
  • <SetCacheMode> - controls rules for loading pages from cache vs. loading from the server.
  • <DeleteCacheOnExit> - erases cached data upon exiting.
  • <DomStorageEnabled> - controls whether application data is stored locally using HTML5 Web Storage.
  • <DatabaseEnabled> - controls whether to enable the WebSQL database.
  • <GeoLocationEnabled> - controls whether location data from device sensors can be consumed by the EB app.
  • <JavascriptEnabled> - permits JavaScript code execution within an EB app to be toggled on and off.
  • <SaveFormData> - determines whether an app will retain data entered by a user into forms, checkboxes and other input elements.
  • <BlockNetworkImage> - prevents the app from loading images over a network while allowing non-image resources to load.
  • <BlockNetworkLoads> - prevents the app from loading all network resources, including images.
  • <ClearWebData> - determines whether WebView data stored by the EB app will be retained when app returns to the foreground after the device HOME key is pressed.
  • <NavigateToHomePage> - causes an EB app to display its Start Page when the app returns to the foreground.
  • <MixedContentMode> - security feature that can prevent loading of content from insecure sites.
  • <WebFilteringEnabled> - controls whether web sites will be filtered by the addresses specified in the related tags (below).
  • <WhiteListingUrls> - explicitly allows one or more websites to be visited by an app.
  • <BlackListingUrls> - explicitly blocks one or more websites.
  • <DeleteCookiesOnExit> - automatically erases cookies stored by Enterprise Browser when exiting.
  • <ExitPasswordEnabled> tag - forces the app to require a password to exit.
Kiosk Mode Enhancements

The following tags work only on devices running Android Lollipop (and higher). These features are intended to enhance Kiosk Mode, a Lollipop feature that restricts device usage to a single app. The tags also work independently.

  • <setHomeKeyDisable> - prevents the HOME key (or capacitive button) on the device from exiting the current app.
  • <setStatusBarDisable> - prevents the status bar from being displayed (either automatically or by dragging down from the top of the screen).
  • <setBackKeyDisable> - disables the BACK key (or capacitive button), which could otherwise exit the current app and invoke the previously active app or Launcher screen.
  • <setVolumeButonDisable> - prevents the user from controlling the speaker volume using device hardware keys.
  • <setRecentAppDisable> - prevents display of the Recent Apps list, which could otherwise allow the user exit the current app by selecting an app from the "recents" list.

Settings Lock-out

An EB app can prevent a user from accessing the Settings panel on a device by using the <SettingsPageProtectionEnabled> tag in the EB app's config.xml file


Related guides: