Kiosk security: 5 ways to secure your Android kiosk

Cameron Summerson
Try Esper for Free
Kiosk security: 5 ways to secure your Android kiosk

One of the biggest concerns with fleet device management is security. We’re talking about physical and digital kiosk security here — how you protect your devices in the field. Esper offers a full suite of security features to keep prying eyes away from device settings and customizable options to keep devices from “walking off.” 

Whether you’re trying to lock down devices to protect sensitive data and disable Android system settings, or you want to make sure devices are where they need to be, we have options to help. Our most powerful security tools come packaged in Esper Foundation, our custom operating system based on Android (AOSP). Still, we have options available regardless of what type of Android kiosk you’re running. 

Manage Kiosks with Esper

Esper’s Android Kiosk Mode for a fully locked down system

Let’s start with a simple but compelling solution: Kiosk Mode. Kiosk Mode limits devices to displaying a single app, no matter what — access to the launcher, settings app, and everything else is blocked. The app is pinned to the screen using the Esper Agent, meaning it’s essentially unbreakable — if you’re concerned about your kiosk getting hacked, this is the strongest Android kiosk security you can find.

It’s worth noting that Android has a native “app pining” feature, and that’s not what this is. Android’s app pining option is easily bypassed and not designed for kiosk usage — it’s a more consumer-facing feature for briefly sharing your device with another person. 

Our Kiosk Mode, on the other hand, runs with elevated privileges and uses Android’s Lock App feature. In other words: if you want to run a single app and need to make sure this app never leaves the screen, kiosk mode is the unparalleled solution. 

Geofencing keeps devices from disappearing

Sure, you can physically tether a device to a specific location, but what happens if a wrongdoer decides to quickly sever that tether and walk off with your machine? You’ll probably never see that device again. Unless, of course, you’re using our geofencing feature, which is the ideal solution if you use Android tablets for your kiosks. 


If you’re not familiar with the term “geofencing,” it creates a geographically “fenced” area (digitally, of course) that will trigger a response of some kind — an alert, alarm, etc. — if the restricted device leaves that area. 

Geofencing relies on the device’s GPS location service and internet connectivity to function. While it works best with cellular-connected devices, You can also use it with Wi-Fi-only devices. 

With geofencing on the Esper platform, you can set a specific area (measured in meters, miles, or kilometers) to limit the range of a particular device. This is highly useful for devices that may travel in a small area, ensuring they never leave the defined region. 

If, however, a geofenced device does leave the defined area, it will either lock down the device, set off an alarm, or both. This setting is user-defined, so you can choose the action. It will also notify you in the Esper Console if a device leaves the restricted area. 

Esper Foundation for Android has robust security features

While we can protect basically any Android device that runs on our platform, we can kick things up a notch if you decide to go with our custom solution, Esper Foundation for Android. Foundation is designed from the ground up to take advantage of all Esper features and perfectly integrate with our console. 

What kind of things are we talking about here? From a security perspective, we can fully lock the device down. Want to make sure prying eyes can’t get into the bootloader or fastboot using any of the traditional methods? We can do it. Or what if you need to lock out the volume or power buttons? You betcha. If you want to limit background data communications for specific apps, we can do that, too. 

In other words, if you need to lock a device down so it can perform the task you need it to without any fluff or ways to sneak in, we can make it happen. The best part is that the Esper Agent is built in at the OS level and has complete control over the compliance policy. It’s almost impossible to remove the Agent, but if someone happens to be clever enough to do so, fret not — the system won’t boot without the Agent present. So your devices are protected either way. 

A compliance policy on the Esper console

Esper Foundation for Android also has baked-in protection against traditional Android rooting methods. Since it effectively locks the bootloader, recovery, fastboot, and even ADB access (if you want), Foundation ensures your devices have robust anti-root protection.

Esper Foundation for Android is available for a wide range of devices( including x86) and includes Android security patches. Oh, it’s also the only x86 Android offering that does file-based encryption. This form of encryption is faster and more versatile than full disk encryption, so your devices will always run at peak performance. 

If you need to flip x86 devices and want the most secure option you can get, Foundation is for you.

Secure Remote ADB for truly safe remote troubleshooting

ADB (Android Debugging Bridge) is undoubtedly one of the most valuable features for troubleshooting Android devices, but what happens when you don’t have physical access to that device? Thanks to the Esper SDK APIs and Secure Remote ADB, you’ll have safe, encrypted ADB access to any device in your fleet. 

Secure Remote ADB sends data through an encrypted SSL tunnel, so you can use ADB for remote debugging, configs, or anything else you need ADB for. Securely, safely, and — most importantly — remotely. 

Android is an inherently secure operating system

This one may seem a little on the nose, but we’d be remiss not to mention how secure Android is by default. Android is a constantly evolving operating system that is ahead of the pack when it comes to quickly implementing the newest technologies, including security features. 

From the time you fire up an Android device, Verified Boot is there to make sure the executed code is from a trusted source — in other words, the installed operating system hasn’t been modified or replaced. This is what a locked bootloader is all about.

But it goes beyond Verified Boot with the SELinux kernel, limiting who or what has control over the system. It even uses Mandatory Access Controls (MAC) to restrict access to apps running with superuser (root) privileges. 

It also protects the system from rogue apps with digital app signing to verify the identity of the app author. The developer must sign every Android app before it will run. Beyond that, each app also runs in its own isolated sandbox, so it runs as a separate process. This limits the app’s access to the operating system and prevents it from interacting with other apps. 

And that all goes without mentioning the monthly security patches (which we implement into Foundation shortly after they become available in AOSP). 

Want to learn more? Contact us today

So there’s a shortlist of some of the top security features just to get you started. If you’re interested in learning more, get in touch with us today. We’re always here to chat about how we can help you build a more robust, secure, and prolific device fleet. 


No items found.
The best video invention since DVDs
Joe Saavedra, Infinite Objects
Cameron Summerson
Cameron Summerson

Cam is Esper's Director of Content and brings over 10 years of technology journalism experience to Esper, including nearly half-a-decade as Editor in Chief of a technology publication. He currently oversees the ideation, execution, and distribution plans for numerous types of content from blog posts to ebooks and beyond.