Additional Android phishing configuration tasks

After MobileIron client has been set or selected as the default Android browser to provide phishing protection, some additional tasks may be needed.

Table 1. Additional phishing configuration tasks

Task

Description
AppConnect (Android 5.0+)

In Android AppConnect container configuration, administrators should distribute Web@Work and enable the following lockdowns for the phishing protection:

  • Allow Web
  • Allow non-AppConnect apps to open URLs in Web@Work

This will ensure that on URL clicks inside and outside the container, MobileIron client can intercept the URL for phishing protection and use the installed Web@Work to display the safe URLs. For more information, see the AppConnect section in the MobileIron Cloud product documentation. (MobileIron credentials are required to access documentation in the Support Community.)

Kiosk Device Admin mode (Samsung devices from Android 5.x to 8.x and non-Samsung devices from Android 5.x to 7.x) and Kiosk Android enterprise Device Owner mode (Android 5.0+)

When URL clicks are inside the kiosk, if the URL is safe, it will be displayed with browsers available in the kiosk mode. Kiosk mode remains active and functional if the phishing protection was enabled outside the kiosk and then removed while the device is in kiosk mode. Exiting in and out of kiosk mode keeps the phishing protection functional inside and outside the kiosk.

When a user clicks a URL:

  • If the URL is not safe, it will be blocked.

  • If the URL is safe, MobileIron client will render the URL with the browser available or display a list of browsers. The end user is asked whether they want to use this browser Just Once or Always.

    • For Just Once, MobileIron will continue to show a list of browsers, if there are multiple browsers.
    • For Always, MobileIron client will save the selected browser, and use it to render safe URLs going forward.
NOTE: Once the user selects "Always" through the MobileIron client's list of browsers, the user cannot change the default browser for rendering safe URLs. As a workaround, install a new browser. On clicking the next safe URL, the user will be again shown a list of browsers, including the new browser.