• 15 Posts
  • 264 Comments
Joined 1 year ago
Cake day: June 17th, 2023





  • Part of my job includes mobile device management so I can explain.

    There is a class of software that can be installed on phones that has the privilege of an administrator on the phone. This is called Mobile Device Management software or MDM. This management software can disable certain features by policy, install, remove or block software, remote wipe, monitor and back up the device.

    It’s most often used on company-owned devices. But people understandably don’t want to carry two phones.

    So some companies like Apple allow employees to opt in to using a personal device for work, with the trade-off that the company has some management options on the phone to comply with their security and data privacy policies.

    It sounds like in this case Apple offered employees to stay hands off their personal phones and connected accounts by using a second work-only phone. The employee opted in to connecting their personal device to Apple and was then frustrated that Apple had more access to their device.

    To answer the question directly: This mobile device management software isn’t running on most personal devices. See for yourself under Settings: Device Management. If the device is managed, you’ll see something there.



  • I use QGIS, which needs to stay in sync with a number of Python packages and plugins. I have thought of using Nix for that, but am not sure if everything I need is packaged for Nix.

    I’m using Conda now, a Python package manager which seems more popular for this niche need.


  • I agree. Flatpak could be used to further lock down what Firefox can do, but it has so many features and so much complexity that I also expect it to be difficult to successfully lock down.

    I would either start with a product that explicitly has just the features a web-kiosk needs or use something based on ChromeOS, which explicitly has a set of enterprise policies that are there to allow admins to lock down a fleet of Chromebooks as they need.

    This is based on the security principle that a system is far more secure if you explicitly allow what you need vs trying to explicitly block or disable all the things you don’t want.

    Over time, the features you need to allow for your web kiosk may be somewhat static and in your control, while all the features you need to disable in Firefox could be constantly evolving and out of your control if you are keeping Firefox up to date.