Enterprise Home Screen: Lock Down Your Zebra Android Devices

They're supposed to be picking orders and managing inventory, but the warehouse guys are frequently spotted standing around an MC92 laughing at viral videos. Android has gained plenty of traction as an enterprise deployment platform. But the speed, simplicity and versatility that helped springboard its popularity also might sometimes lead workers toward entertainment after their productivity tasks are complete.

 

IT administrators tasked with eliminating such potential side-tracks should consider Enterprise Home Screen, a free Android app from Zebra Technologies that provides an easy way to lock down a device without the need to write a single line of code. Simply install and launch the tool, select which apps the device's users will be allowed to use, and quit. After an automatic restart, the device will show only the selected apps, along with a few simple device settings. All other apps and settings are invisible without an admin password. EHS also can restrict access to all device settings, if needed. And that's just for starters; Enterprise Home Screen can do a whole lot more to help increase productivity for workers and administrators, and provides complete security for the device as well as its apps and data.


EHS works by inserting itself in place of the stock Android app launcher and home screen. When first run, it presents a screen like the one below, offering a choice of which home app to open and whether to make the selection permanent.

Selecting "Just once" simplifies the process of switching between EHS and the stock Android launcher while first setting up and learning how best to use it. To invoke this dialog, press the HOME key. Once EHS fully configured, selecting "Always" when the dialog reappears will prevent further changes without a password (which is 256-bit AES encrypted). Out of the box, EHS disables the following when running in User mode:

  • Airplane mode
  • USB debugging
  • Access to the file system
  • Keyguard (for unlocking the screen)
  • Keyguard-screen camera and search functions
  • The Status-bar Settings icon 
  • Full access to the System Settings panel

 

These and other settings can be enabled as desired for a particular user or role (more on roles later). The next step in the initial configuration is to select the apps to be made visible to the user. On launch, EHS displays all apps installed on the device in a single, scrollable window similar to the image below:

Long-pressing an icon presents dialog boxes for selecting or deselecting the app to appear in User mode, as below:

Once all apps are selected, a quick tap on the Menu button (highlighted) brings up the Tools menu. Tap again on the Admin Logout to enter User mode and a screen similar to the image below. A configurable timeout will revert to User mode after 60 seconds by default.

To return to Admin mode, simply tap the User mode menu and enter the admin password. Adding to security is a feature that tracks a configurable number of incorrect login attempts that will disable the login feature entirely if exceeded. This is reset by replacing the configuration file.

Once again in Admin mode, in-app settings for Enterprise Home Screen are shown in the two images below. They include access to display settings, the lock screen, file system and other system settings.  

There's far more to EHS than meets the eye. The elegantly simple configuration file shown below controls all aspects of the app. Starting from the top, a kiosk mode allows a single app to be launched at startup, disabling BACK and HOME keys. Controlling User mode settings are the <applications> and <tools> sections, which control the display of apps as icons and tools in the tools menu, respectively. Next is the admin-password attempts counter, followed by the <preferences> section, most of which is self-explanatory (click the image to enlarge).

EHS reads the config file every time the HOME key is pressed or when a new config is pushed to the /enterprise/usr folder on the device. If an app other than EHS is running when a new config file arrives, the config file will be read when EHS returns to the foreground. A key advantage of this configuration scheme is the ability of EHS to easily switch between user roles on a single device. For example, if a  device is to be shared by a retail clerk during store hours and an inventory clerk after closing, a simple way to achieve this would be to create and store config files on the device that include apps for each role. Then a small script could be used to switch between the two config files at the beginning of each shift.

 

Enterprise Home Screen is provided free to Zebra partners. Learn more in the Enterprise Home Screen 2.3 User Guide.

Comments


Hi Dean-

A couple of things to check:

  1. To edit the EnterpriseHomeScreen.xml, drag a copy of it OFF THE DEVICE and open it in any text editor.
  2. When done editing, you MUST use ADB to deploy the edited config file to the /enterprise/usr directory on the device.
  3. After deploying the edited file, press the HOME key to force EHS to re-read it (EHS is supposed to re-read the config file whenever a new version lands in /enterprise/usr, but pressing HOME will double-check).
  4. The relevant portion of your config file should look like the following before and after the ET1 video link is removed:

With ET1 link

----------------

...

<applications>

        <application label="Rapid Deployment" package="com.symbol.msp" activity="com.symbol.msp.client.RDMenu"/>

        <application label="Calculator" package="com.android.calculator2" activity="com.android.calculator2.Calculator"/>

        <application label="DWDemo" package="com.symbol.datawedge" activity="com.symbol.datawedge.DWDemoActivity"/>

        <link label="ET1 Video" url="http://www.youtube.com/watch?v=ERlIzLt-h6s"/>

</applications>

...

Without ET1 link

-------------------

...

<applications>

        <application label="Rapid Deployment" package="com.symbol.msp" activity="com.symbol.msp.client.RDMenu"/>

        <application label="Calculator" package="com.android.calculator2" activity="com.android.calculator2.Calculator"/>

        <application label="DWDemo" package="com.symbol.datawedge" activity="com.symbol.datawedge.DWDemoActivity"/>      

    </applications>

...

Hope that helps.

Eddie Correia


Thanks.

Dean O. Earl

Senior Systems Engineer

Retail Hardware Engineering

Office: (208) 985-8587 (New)

Cell: (801) 891-5036


By the way, thanks for writing.

Please let me know if this solution worked so I can post it to the discussion forum and help other people.


I will.

Dean O. Earl

Senior Systems Engineer

Retail Hardware Engineering

Office: (208) 985-8587 (New)

Cell: (801) 891-5036


When I finally got ADB to work correctly, this worked just fine. I had realized that I had to edit the file locally on my desktop and then copy it back. It was the copying of the edited file that I had an issue with.

Thanks!!

Dean O. Earl

Senior Systems Engineer


Thanks Dean. I'll post this to the discussions forum, where others have had the same issue.


There is nothing that tells how to get rid of the ET1 Video icon and I definitely do not want users to have access to it, although it will do them no good since they cannot access anything externally except Google. I checked the user documentation that came with the .apk and it had nothing about that. I went to the EnterpriseHomeScreen.xml and deleted the line referring to it and restarted the MC92N0 and it was still there.

Thanks