1. Purpose and Objectives
The Kiosk Policy module is designed to create and distribute application restriction strategies that help enterprises lock down devices to designated business apps, preventing unauthorized usage or app installation. Admins can configure different types of kiosk strategies based on device types (GMA / KMA / IMA), defining single- or multi-app modes, system function restrictions, and permission control mechanisms. This simplifies user operations, reduces maintenance costs, and enhances device compliance and security.
The platform supports two types of Kiosk policy configurations:
GMA Kiosk Policy: For GMA devices only. Supports configuration of Google Play public and private apps.
KMA Kiosk Policy: For KMA / IMA devices. Supports configuration of enterprise public, private, or web apps.
All strategies support options for default launch apps, dynamic permission controls, navigation bar restrictions, and access control for system settings. Deployment mechanisms include device range selection and scheduled release. Policies can be modified, disabled, or deleted at any time, supporting flexible lifecycle management.
Important Notes:
Each device type supports only its corresponding kiosk policy type; cross-type policies are not supported.
All apps included in a strategy must be in Published status.
Strategies support phased deployment methods such as canary or percentage-based rollout, suitable for large-scale or staged deployments.
Policy configurations are tightly bound to the target device type and do not support cross-device-type strategies.
Primary Operations:
Operation | Description |
Create GMA Kiosk Policy | For GMA devices only. Configure Google Play public/private apps. Supports single/multi-app mode and system restrictions. |
Create KMA Kiosk Policy | For KMA/IMA devices. Configure enterprise private, public, or web apps. Supports default launch, navigation restrictions, and permission control. |
Secondary Operations:
Operation | Description |
Submit | Submit a draft policy for approval, entering the "Pending Review" state (if approval workflow is enabled). |
Approve | Admin reviews pending policies and approves or rejects them to determine policy activation. |
View Details | View version history, configuration content, associated devices/groups, and logs for all policy types and states. |
Edit | Create a new version of a published policy with updated configuration and scope. Archived versions are retained for audit purposes. |
Push Policy | Manually deliver policy configurations to associated devices to enforce or reapply policies. |
Enable/Disable | Toggle whether the policy is applied to devices. Disabling removes the policy from devices; enabling re-applies it. |
Revert | Restore an archived policy to draft state for reuse or modification. |
Delete | Permanently delete an archived policy. This action is irreversible. |
Typical Use Cases:
Lock store-front devices to a single POS or ordering app to prevent misuse or entertainment app installations.
Enable navigation and permission restrictions for logistics and courier terminals, allowing only camera and scanner access.
Control system settings and notification access on government or medical institution devices for regulatory compliance.
Roll out kiosk strategies to new devices using phased or percentage-based deployments for testing and validation.
Partners can centrally push kiosk policies to demo units to ensure consistent demo content and device security.
2. Primary Operations
2.1 Create GMA Kiosk Policy
Description
The GMA Kiosk Policy is used to configure Google Play (public/private) apps to run in kiosk mode on GMA-type devices. Admins can define a list of allowed apps and set restrictions for device behavior, then distribute the policy to target devices to enforce secure and controlled usage.
GMA Kiosk policies only support Google Play public and Google Play private apps in "Published" status. They are suitable for single- or multi-app configurations in closed environments (e.g., POS or information terminals). Once configured, the policy will be pushed to designated devices based on the selected rollout plan and will take effect automatically.
KiwiCloud adopts a module-level merge with latest override strategy stacking mechanism to ensure policy consistency and flexibility. If the approval workflow is enabled, the policy must be approved before it takes effect.
Notes
Applicable to GMA devices only, not for KMA/IMA devices.
Supports only Google Play public and private apps, not enterprise private apps.
Each app can only be effective in one GMA Kiosk policy. The system follows a "module merge, latest override" logic.
All apps must be in Published status before they can be added.
Modules not configured in a policy will be excluded from deployment and stacking.
Policies are effective immediately upon release. It’s recommended to pilot-test in small batches.
If approval is enabled, policies enter "Pending Review" status and must be approved before activation.
Policies cannot be directly edited. Use the “Edit” function to create a new version.
The selected device scope and release time affect delivery timing. Plan according to device onboarding batches.
Steps
1. Access the Policy Management Page
Go to the App Policy module and click Create Policy.
Select GMA Kiosk Policy as the policy type.
2. Select Apps
In the App Selection screen, choose published apps from Google Play (public/private).
Only apps in Published status can be selected.
3. Configure Device Restrictions
Device restriction settings are divided into two tabs: App Config tab and Device Restrictions tab, which together define device behavior and access permissions.
3.1 App Config Tab
This tab includes the following modules:
App Configuration For apps supporting Android Enterprise Managed Configurations, you can set parameters (e.g., Slack workspace, email domain). These settings are delivered with the policy and applied automatically.
App Permissions Define how the system handles permission prompts:
Deny
Prompt
Grant
Permissions include access to contacts, location, network status, camera, etc.
Accessibility Service Settings Optionally pre-authorize accessibility services for selected apps. Useful for automation and UI control apps. If not configured, users will be prompted to enable it manually.
3.2 Device Restrictions Tab
This tab defines system-level restrictions under the kiosk strategy, including:
Power Button: Allow or block use of the power button (shutdown, restart).
System Error Dialogs: Control whether system error prompts appear.
System Navigation: Define the appearance of the bottom navigation bar.
System Info & Notifications: Configure access to status bar and notifications.
Device Settings: Restrict or allow access to system settings.
Choose restrictions according to operational needs to ensure the device only runs authorized apps with proper isolation.
4. Configure Distribution Scope
4.1 Distribution Plan
Immediately: Push the policy right after creation.
Scheduled: Choose a future time to release the policy.
4.2 Device Scope
All Devices: Apply to all GMA devices under the enterprise.
Phased Release: Manually select device groups or devices.
Percentage-Based Rollout: Randomly push to a defined percentage of devices.
5. Submit the Policy
After configuration, click Submit.
If approval is not enabled, the policy will enter “Published” state and be delivered.
If approval is enabled, it enters “Pending Review” and requires admin approval to take effect.
2.2 Create KMA Kiosk Policy
Description
The KMA Kiosk Policy is used to deploy enterprise private, public, or web applications on KMA/IMA devices and enforce single- or multi-app kiosk mode. This policy allows configuration of auto-launch, dynamic permissions, kiosk exit password, and system restrictions to ensure a secure, locked-down operating environment. It is commonly used in POS, demo, and self-service terminal scenarios.
The platform supports modular policy configuration. Each functional module (e.g., auto-launch, dynamic permissions) can be enabled or disabled as needed. Enabled modules participate in policy stacking on devices, while disabled modules do not. Policies can be distributed by device, device group, or in percentage-based rollouts, with support for immediate or scheduled delivery.
Notes
KMA Kiosk policies are only applicable to KMA / IMA devices, not GMA devices.
Supported app types include Enterprise Private Apps, Enterprise Public Apps, and Enterprise Web Apps only.
App version options:
Latest Version: The system will keep the installed app updated to the latest version;
Specified Version: The system will upgrade the app only if the current version is lower.
All related apps must be in Published status.
Disabled modules will not participate in device-side policy stacking or configuration.
Kiosk exit password can be set to allow operators to exit Kiosk mode when needed.
Upon submission, the policy enters Pending Review status and requires admin approval to take effect.
If the Policy Approval Workflow is disabled, the policy takes effect immediately upon submission.
Steps
1. Configure Basic Policy Information
Click Create Policy, and select KMA Kiosk Policy.
Enter the policy name (required).
Enable Compliance Check (recommended).
Select the deployment mode: Single App or Multi-App.
Select the apps and choose either Latest Version or Specified Version.
2. Configure App Behavior
2.1 App Configuration Tab
Set the Kiosk Exit Password (for cases like network disconnection or maintenance).
Tap the screen 8 times with two fingers within 5 seconds to open the exit interface and enter the password to exit Kiosk mode.
Configure the Auto Launch App (the app starts automatically on boot).
Configure Dynamic Permissions:
2.2 Device Restrictions Tab
Configure restrictions on system behavior, including:
Power Button Control: Whether to allow power button usage (e.g., shutdown, reboot).
System Error Dialogs: Display or suppress system error dialogs.
System Navigation: Control the bottom navigation bar display.
System Info & Notifications: Manage status bar and notification visibility.
Device Settings: Restrict access to system settings.
Choose the appropriate restrictions according to your use case to ensure the device only runs authorized applications and maintains the necessary security boundaries.
3. Configure Policy Distribution Scope
3.1 Distribution Plan
Choose when to distribute the policy:
Immediately: Deliver the policy immediately after saving.
Scheduled Time: Set a specific time for deployment.
3.2 Device Scope
Select the devices the policy will apply to:
All Devices: All KMA/IMA devices under the enterprise.
Phased Release: Select specific devices or device groups.
Percentage-Based Release: Choose a percentage, and the system will randomly select devices.
4. Submit the Policy
Click Submit to save the policy. The policy status will become Pending Review.
If approval is enabled, the policy must be approved by an admin before deployment.
If approval is disabled, the policy will take effect immediately after submission.
3. Secondary Actions
3.1 Submit
Description
This operation is used to submit a Kiosk policy in draft status to the platform’s approval workflow. After submission, the policy status will change to "Pending Review" and must be approved by an administrator before it can be officially released to devices.
It applies to both KMA and GMA Kiosk policies when creating a new policy or submitting a modified version. If the approval workflow is disabled, the policy will skip the “Pending Review” step and immediately change to the “Published” status, ready for deployment.
Notes
Policies in draft status can be freely edited and saved. Once submitted, they can no longer be edited.
If the approval workflow is enabled (
System Settings > Others > Approval Workflow Toggle), the policy must be approved before it becomes active.If the approval workflow is disabled, the policy will immediately change to “Published” status upon submission.
The submission action does not include a second confirmation step — please ensure all policy details are correct before proceeding.
The submitted policy version will become the active version. The previous version will be archived as history.
Steps
Access Draft Policies
In the "Kiosk Policy" module, filter for policies with the “Draft” status.
Initiate Submission
Click the Actions button on the target policy, then select Submit.
Complete Submission
The policy status will change to “Pending Review”;
If approval is disabled, the policy will automatically move to “Published” status and proceed to device deployment;
You can view the policy status and approval progress in the policy list.
3.2 Approve
Description
This action is used to review and approve a submitted Kiosk policy, determining whether it is allowed to proceed to the “Published” status and be deployed to target devices. Once approved, the policy configuration will take effect based on the defined release schedule and device scope. If rejected, the policy will revert to “Draft” status and require editing and resubmission.
This workflow applies when the organization has enabled the Kiosk Policy Approval Process, allowing manual control over policy publishing to enhance operational security and accuracy.
Notes
Approval is only applicable to policies in “Pending Review” status;
Once approved, the policy will immediately change to “Published” and be deployed according to the release schedule;
If rejected, the policy will revert to “Draft”, allowing further edits and resubmission;
If the approval workflow is disabled (
System Settings > Others > Approval Workflow), policies will automatically skip this step and go directly to “Published” status upon submission;Approval actions are irreversible — ensure the policy content, scope, and device impact are correct before proceeding;
All approval actions are logged in the policy’s operation history for audit purposes.
Steps
Go to the Policy List
Navigate to the “Kiosk Policy” page and filter policies with the status “Pending Review”;
Initiate Approval
Click the Approve button next to the target policy;
Confirm the Approval Decision
In the confirmation popup, click either Approve or Reject:
Approve: The policy status changes to “Published” and will be deployed based on the schedule;
Reject: The policy returns to “Draft” status for further editing and resubmission;
Complete Approval
The policy status will automatically update to reflect the result;
You can view the approval result and operation records in the “Policy Details” section.
3.3 Details
Description
This feature allows you to view detailed information about a specific Kiosk policy, including basic policy info, selected apps, configuration settings, release schedule, associated devices, and execution logs. It supports version history and tab-based browsing to help administrators review policy versions, monitor deployment status, and troubleshoot issues.
The details page displays both current and historical versions of all KMA / GMA Kiosk policies, with a modular breakdown of each configuration, serving as a key entry point for full policy lifecycle management.
Steps
Access Policy Management
Navigate to the “Kiosk Policy” module;
Click the Details button next to the target policy to open the details page.
View Policy Information
The top section of the page displays key policy info:
Policy Name: The unique name identifying the policy;
Policy ID: A system-generated unique identifier;
Last Modified By / Time: Who last saved/submitted and when;
Last Deployment Time: The most recent time this policy version was pushed to devices;
Version History Switch: Allows viewing previous configuration versions;
Associated Groups: Number of device groups bound to the policy;
Associated Devices: Number of devices the policy has been deployed to.
Browse Policy Content
The details page includes several tabs to present the policy content in a structured way:
Selected Apps
Lists all apps included in the current policy;
Supports multi-app mode showing package names, app type (private/public/Web), and source;
Only published apps are displayed.
Policy Configuration
Split into two subtabs: App Configuration and Device Restrictions.
App Configuration:
Kiosk exit password settings;
Default launch apps (auto-launch on boot);
Dynamic permission toggle and assigned apps (with view details option);
Per-app settings for default launch, dynamic permission, and versioning;
Version control: latest version or specific version.
Device Restrictions:
System behavior control options (power button, system navigation, notifications, error dialogs, settings access);
Each setting's status (enabled/disabled) is clearly shown;
Helps assess the strictness of kiosk environment settings.
Deployment Configuration
Shows the policy’s scheduled release time and deployment scope:
Release time: immediate or scheduled;
Deployment range: all devices / staged release / percentage-based release;
Lists targeted devices, filterable by name, model, or SN.
Operation Logs
Records key user actions on the policy, such as submit, approve, edit;
Shows operator, action type, timestamp, and execution result.
System Logs
Logs system-triggered events (e.g., policy edits, push events, version delivery);
Displays outcome, delay, and trigger time, useful for identifying system issues.
3.4 Edit
Description
This operation allows you to edit an existing KMA / GMA Kiosk policy, including changes to the policy name, selected apps, configuration settings, device restrictions, and release options. Each edit creates a new version, while the previous version is archived and becomes read-only.
After completing the edit, you may choose to Save the policy as a draft or Submit it for approval (if the approval flow is enabled). Once approved, the new version will replace the previous one and be pushed to the target devices, ensuring consistency and accuracy across deployments.
Notes
The edit action generates a new version; the previous version will be archived and cannot be edited;
All fields are editable, including selected apps, Kiosk configurations, and release settings;
Before editing, confirm the current policy status and affected device scope to avoid misconfiguration;
If the policy is in the Archived status, it must be Reverted to draft before editing;
After editing, you must Submit the policy for changes to take effect, following the approval flow;
All changes will be logged in the operation history;
Once edited, the system will re-calculate and apply the updated policy stack to all associated devices;
The updated policy will not be pushed to devices until it enters the “Published” state.
Steps
Access the Policy List
Go to the Policy Center module;
Locate the target policy and click Actions > Edit;
Edit Policy Content
On the edit page, update the following sections as needed:
Basic Info: Policy name, compliance check toggle;
Selected Apps: Add/remove apps, modify version (latest/specific);
App Configuration: Set default launch app, exit Kiosk password, dynamic permission settings;
Device Restrictions: Configure system navigation, status bar, power key, etc.;
Release Configuration: Adjust schedule and target devices (all / staged / percentage-based);
Save or Submit
Click Save to store the policy as a draft for future submission;
Or click Submit to change the policy status to “Pending Approval”;
If the approval flow is disabled, submission will immediately publish the policy.
View Version History
Switch between version numbers in the policy details page to compare configurations;
All edits will be recorded in both the Operation Log and System Log.
3.5 Deploy Policy
Description
This operation allows you to immediately push a Published Kiosk policy to its associated devices or device groups, ensuring the policy takes effect promptly on the device side. It is useful for first-time deployment, fixing policy delivery failures, or triggering manual sync.
The platform recalculates the policy stack based on the policy configuration and device status, and then pushes updates according to the appropriate delivery mechanism:
GMA Policies: Delivered via Google AMAPI. Once pushed, Google services manage the actual policy distribution.
KMA Policies: Pushed directly by KiwiCloud services. Delivery only occurs if the configuration has changed, avoiding redundant updates.
Notes
GP (Google Play) policy delivery depends on Google Management Services. Ensure AMAPI permissions and bindings are properly configured;
KC (KiwiCloud) policy will not be pushed again if there are no changes;
All push actions will trigger full policy stack recalculation on the target devices;
This operation only affects the device-side application of the policy, not its content;
All push events will be logged in the Operation Log and System Log;
Offline devices (GMA, KMA) will receive the policy once online; for IMA devices, policy instructions are cached temporarily and may expire if the device does not come online in time.
Steps
Go to the Policy Management Module
Open the Kiosk Policy module and filter for policies in the Published status;
Trigger the Deployment
Click Actions > Deploy Policy on the target policy row;
Confirm the Prompt
In the confirmation window, review the policy name and the message. Click Confirm to proceed;
Complete the Deployment
The system will immediately perform policy calculation and deliver it to the bound devices;
You can view the delivery results and timestamps in the System Log.
3.6 Disable Policy
Description
This operation is used to change a Published Kiosk policy to Disabled status. Once disabled, the system will automatically remove the corresponding policy modules from the policy stack on all associated devices, rendering the policy ineffective on the device side. However, the policy’s binding with devices or groups will be retained for future reactivation or archival.
This is applicable in scenarios where the policy is no longer needed, is being replaced by a new version, or needs to be temporarily suspended.
Notes
Only policies in "Published" status can be disabled;
Disabling a policy does not delete it — you may still edit, enable, or archive it later;
Once disabled, the system will immediately re-calculate the policy stack on all associated devices;
If no other valid policy modules exist for a device, the platform will attempt to push a default policy;
The policy will no longer be effective on any device but will retain version history and bindings;
All disable actions are recorded in the Operation Log and System Log for traceability.
Steps
Go to the Policy List
Open the Kiosk Policy module and filter for policies with a Published status;
Click Actions > Disable Policy on the target policy row;
Confirm Disable Action
A confirmation dialog will display the policy name and a warning message;
Click Confirm to proceed with disabling the policy;
System Execution
The policy status will change from Published to Disabled;
The system will remove the policy module from the policy stack of all associated devices;
The disable operation and results will be recorded in the Operation Log.
3.7 Enable Policy
Description
This operation is used to reactivate a Disabled Kiosk policy and restore its effectiveness on associated devices. Once enabled, the system will reintroduce the policy into the policy stack for all bound devices or device groups and immediately push the configuration to them.
This is suitable for scenarios where a policy was temporarily disabled and needs to be reactivated, or when a previously paused deployment is to be resumed. Upon enabling, the policy returns to the Published state and is synchronized to all associated devices according to its original configuration.
Notes
Only policies in "Disabled" status can be enabled;
No resubmission or approval is required; the policy will directly return to the Published state;
Enabling does not alter the policy content or version number;
Once enabled, the system will re-calculate the policy stack and re-distribute the configuration to all bound devices;
If a device is offline, the instructions will be cached and applied once it comes online;
All enable actions are recorded in both the Operation Log and System Log for auditing and traceability;
It is recommended to confirm the current device environment and policy configuration before enabling to avoid conflicts.
Steps
Go to the Policy List Page
Open the Kiosk Policy module;
Filter for policies with the Disabled status and locate the target policy;
Initiate the Enable Operation
Click Actions > Enable Policy in the right-hand column of the target policy;
Confirm the Prompt
In the confirmation dialog, verify the policy name and prompt details;
Click Confirm, and the system will execute the enable operation;
System Execution
The policy status will change to Published;
The system will re-integrate the policy into the stack of all associated devices;
Configurations such as applications, permissions, and restrictions will be re-synchronized as defined in the policy;
You can view logs of the enable operation and distribution status in the Logs section.
3.8 Archive
Description
This operation is used to mark a no-longer-used Kiosk policy as Archived, signaling the end of its lifecycle. Once archived, the policy is removed from the main policy list and can no longer be edited, enabled, or pushed. It is moved to the Archived tab for retention and auditing purposes.
Archived policies remain accessible from the “Archived” tab, where administrators can perform Restore or Delete operations for better lifecycle and version control.
Notes
Only policies in Disabled status can be archived;
Archived policies are excluded from policy stack calculations — they will not be pushed or applied to devices;
Upon archiving, all associations between the policy and its devices, groups, and apps will be removed;
Archived policies retain their original configuration and version history and can be restored for reuse if needed;
All archive actions are logged in both Operation Log and System Log for audit tracking.
Steps
Go to the Policy List Page
Open the Kiosk Policy module;
Filter for policies in Pending Review or Disabled status and locate the target policy;
Initiate the Archive Operation
Click the Actions button on the right side of the target policy, then select Archive from the dropdown menu;
Confirm the Prompt
In the confirmation dialog, verify the policy name;
Click Confirm, and the system will immediately archive the policy;
System Execution
The policy status will change to Archived;
The policy will no longer appear in the main policy list;
You can view the archived policy and its configuration from the Archived tab;
All archive operations will be recorded in the Operation Log.
3.9 Revert
Description
This operation restores a previously Archived Kiosk policy back to Draft status, allowing it to be edited and republished. After restoration, the policy retains all original configuration and version history, but device or device group bindings will not be automatically reverted and must be reconfigured manually.
The restored policy re-enters the policy lifecycle in draft status and can be modified, submitted, and reviewed again as needed.
Notes
Only policies in Archived status support the restore operation;
After restoration, the policy enters Draft status and must be submitted again before publishing;
Restoration does not alter the policy content or version information;
All restore actions are recorded in the Operation Log for audit purposes;
Restoring a policy does not re-establish push relationships to devices — manual resubmission is required.
Steps
Open the Archived Policy List
Go to the Kiosk Policy module;
Click the Archived tab to view all archived policies;
Initiate the Revert Operation
In the row of the target policy, click Actions > Revert;
System Execution
The policy status is updated to Draft and moved to the “All” policy list;
All configuration and version information remains unchanged;
You can now continue editing or submitting the policy.
Recommended Next Steps
To reuse the policy, go to the Draft list to complete editing and submission;
If the Kiosk Policy Approval Process is enabled, the restored policy will enter the Pending Review state after submission;
Once approved, the policy can be republished and pushed to devices.
3.10 Delete
Description
This operation is used to permanently delete Kiosk policy records in "Archived" status. The system performs a logical deletion — once deleted, the policy will no longer appear on any page and cannot be recovered.
The delete action is only available for policies in the “Archived” status and must be performed when there are no active device bindings. It is suitable for cleaning up obsolete or historical policy data.
Notes
Only policies in "Archived" status support deletion;
Deletion is irreversible — proceed with caution;
Once deleted, the policy will no longer appear in any policy list, and all log records related to it will also be removed;
If the policy might be reused, consider using Restore before deletion;
Deleting a policy does not affect existing configurations on devices, but it removes the ability to track the policy in the platform;
All delete actions will be recorded in the Operation Log, including the operator and timestamp.
Steps
Open the Archived Policy List
Go to the Kiosk Policy module;
Click the Archived tab and locate the target policy;
Initiate the Delete Operation
Click Actions > Delete on the target policy row;
Confirm Deletion Prompt
In the confirmation dialog, review the prompt content;
Click Confirm to permanently remove the policy record;
System Execution
The policy will be permanently deleted from the platform database;
It cannot be recovered by any means;
Deletion behavior can be traced in the Operation Log (retention duration depends on system settings).
4. Configuration Items
Kiosk policy configuration items are categorized based on device type (GMA / KMA) and follow a modular structure. Each module can be individually enabled or disabled. Once enabled, a module will participate in policy stacking and device-side calculation; if disabled, it is excluded from enforcement.
Modules are merged by name, and settings in the same module are combined using an overwrite strategy. The latest policy version takes precedence.
4.1 GMA Kiosk Policy Configuration Items
Configuration Item | Options / Description |
Non-compliance Handling | When enabled, if a device is detected to be non-compliant (e.g., system restrictions altered), the system will execute predefined actions such as "Disable Device" or "Factory Reset". This logic is centrally managed via System Settings → Compliance Settings, and the policy only acts as a trigger—not a controller of enforcement behavior. |
App Permissions | Controls how app permission requests (e.g., camera, location, file access) are handled. Options include Prompt User, Auto Grant, or Auto Deny. Overrides user choices to ensure consistent permission management and prevent accidental or improper permission usage. |
Accessibility Settings | For apps that rely on Android Accessibility Services, this setting specifies which services are allowed. Once enabled, the strategy will automatically activate the services on the device to minimize user involvement. Useful for apps requiring assistive input or auto-click functionality. |
App Configuration | For apps supporting Android Enterprise managed configurations, administrators can define parameters such as Slack workspace URL or default usernames. These settings will be pushed with the policy and applied automatically during app installation, improving deployment consistency and efficiency. |
Power Button Control | Controls whether the power button (e.g., shutdown, reboot) is allowed. Default is Disabled to prevent users from exiting the policy environment. - Allow: Power button functions normally; - Disable: User cannot shut down or reboot the device via the power button. |
System Error Dialog Box | Controls the visibility of system error pop-ups: - Show: System error dialogs are shown; - Shield: Suppresses all system error dialogs to avoid disrupting business operations. |
System Navigation | Configures the display of bottom navigation buttons: |
System Info & Notifications | Controls the behavior of the status bar and notifications: - Enable: Users can view status bar and notifications; |
Device Settings | Controls access to system settings: |
App Release Plan | Defines when the policy will be pushed: |
Device Deployment Scope | Defines which devices will receive the policy. Three options: |
4.2 KMA Kiosk Policy Configuration Items
Configuration Item | Options / Description |
Non-compliance Handling | Emergency actions executed when the device does not meet policy requirements (e.g., system restrictions modified). Defined in System Settings → Compliance Settings. Options include Disable Device or Factory Reset. |
App Version Selection | - Latest Version: Device automatically updates to the latest version when a new release is published. Updates use Immediate Update + Forced Installation + Wi-Fi First by default. - Specific Version: Updates only occur if the local version is lower than the specified one. |
Default Startup | Automatically launches the specified app at boot. If the default app is not yet installed, the system will install and launch it automatically. If the app is inactive for a set duration, it will be relaunched. Only one app can be set as the default launcher. |
Dynamic Permissions | Preconfigure specific system-level permissions to enhance app priority and background behavior. Includes options like: USB permission exemption, reboot suppression, silent install, accessibility auto-enable, LMK protection, floating window permission, etc. |
Exit Kiosk Password | Set a password to exit Kiosk mode, useful in offline, maintenance, or troubleshooting scenarios. Tap the screen with two fingers 8 times within 5 seconds to open the exit dialog, then enter the password. |
Power Button Control | Controls whether the power button (e.g., shutdown, reboot) is allowed. Default is Disabled to prevent users from exiting the policy environment. - Allow: Power button functions normally; - Disable: User cannot shut down or reboot the device via the power button. |
System Error Dialog Box | Controls the visibility of system error pop-ups: - Show: System error dialogs are shown; - Shield: Suppresses all system error dialogs to avoid disrupting business operations. |
System Navigation | Configures the display of bottom navigation buttons: |
System Info & Notifications | Controls the behavior of the status bar and notifications: - Enable: Users can view status bar and notifications; |
Device Settings | Controls access to system settings: |
App Release Plan | Defines when the policy will be pushed: |
Device Deployment Scope | Defines which devices will receive the policy. Three options: |