Sandbox is a Web browsing app for iOS devices that restricts users to a predefined list of allowed websites (called a “whitelist”). Sandbox is a great solution for classrooms or kiosks where users should only be browsing specified sites. This may include a list of predefined news articles for students, or your company’s homepage for a kiosk in a visitors' center.
Sandbox allows you to…
If you want to apply the same settings to multiple devices more quickly, you can use a plist file to do so. See the section on Configuring Sandbox with a Property List File below.
Sandbox can be configured either through the Apple Settings application or through a custom plist file.
To configure an individual device, install Sandbox and then open the Settings application. Near the bottom of the first screen, you’ll find a section for Sandbox configuration options. Look in the Configuration Options section to learn more about each setting.
Sandbox enables users to configure the application using a Sandbox configuration plist file. This functionality is particularly useful to administrators who wish to configure Sandbox on multiple devices, relieving them from having to manually configure each device individually. To configure Sandbox with a configuration plist file, it is necessary to construct a Sandbox configuration property list file
(also known as a plist file). Property list files have the file extension ‘.plist’. A template configuration plist file is available at
Once a configuration plist has been created, administrators may now
easily load the profile onto many devices. Sandbox accommodates this through the use of a custom URL schema. Using Mobile Safari (or a link in an email, a webclip, etc.), navigate to
For example, floatsandbox://configuration/sandbox.floatlearning.com/exampleConfig.plist.
For your convenience, here are some sample Configuration files to get you started on setting up Sandbox:
A Sandbox configuration plist is an XML file that conforms to Apple’s Property List document type. The configuration plist must be valid XML, meaning it must begin with an XML-type declaration followed by a DOCTYPE declaration. Both of these lines may be copied from the profile template available on Float’s website.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> ... your settings parameters </dict> </plist>
The configuration plist itself is a collection of key-value pairs, each corresponding to a particular settings field within the application:
<key>key name</key> <string>string value</string> <key>key name</key> <integer>integer value</integer> <key>key name</key> <true />
Sandbox allows administrators to customize the user interface via manual or profile configurations:
This settings allows hiding of iOS’s default status bar. Set this value to true to show the status bar. Set it to false to hide the status bar. Its default value is true.
key: statusBarKey type: boolean default: <false/>
Set this value to
<true/> to disable the status bar.
Note: The status bar is an iOS default interface element. It is the upper-most interface element. This setting affects both iPhone and iPad versions of Sandbox.
This settings allows the hiding of Sandbox’s navigation bar. Set this value to true to show the navigation bar. Set it to false to hide the navigation bar. Its default value is true.
key: navBarKey type: boolean default: <false/>
Set this value to
<true/> to disable the navigation bar.
Note: The navigation bar is the bar that appears at the top of the Sandbox interface. This setting affects both iPhone and iPad versions of Sandbox.
This settings allows the hiding of Sandbox’s toolbar. Set this value to true to show the toolbar. Set it to false to hide the toolbar. Its default value is true.
key: toolBarKey type: boolean default: <false/>
Set this value to
<true/> to disable the toolbar.
Note: The toolbar is only used in the iPhone version of Sandbox. It is the interface at the bottom of the screen. The value of this setting will not affect the interface of Sandbox running on an iPad.
When a user attempts to visit a website blocked by Sandbox, the user is presented with the “restricted message.” This is the message that alerts the user that they are not being granted access to the URL they’re trying to access.
key: restrictedMessageKey type: string default: "Invalid permissions."
When the application launches, Sandbox will display the URL set in the start page setting. This is the first page users will see when interacting with a configured version of Sandbox.
key: startPageKey type: string default: (blank)
Sandbox has the ability to keep the device awake at all times. If the idle timer is enabled, the application will return to its home page when the time has elapsed.
key: idleRestartKey type: boolean default: <false/>
Set this to
<true/> if you want to enable Sandbox’s idle timer.
key: idleTimeKey type: integer default: 1
Set this value to the number of minutes Sandbox should wait before returning to its home page.
Sandbox has the ability to either retain its most recent state, or return to its home page if the application is exited and then resumed.
key: exitRestartKey type: boolean default: <false/>
Set this value to
<true/> if you want Sandbox to return to its home page if the application is interrupted and then returns to an active state.
Sandbox is governed by a “whitelist.” Only web resources validated against the whitelist will be displayed within the application. The whitelist is a list of approved domains under which content may be viewed. For example, if floatlearning.com is added to the whitelist, all content under floatlearning.com and its subdomains will be approved and loaded by Sandbox. Because the whitelist is a list, its data type is slightly more complex than those previously listed.
<array> <string>floatlearning.com</string> <string>cnn.com</string> </array>
The whitelist is an array of strings representing the hostnames of sites that the user may access.
key: whitelistKey type array default: (blank)
Enter all domains accessible to the user.
Note: This list can vary from one item to many items depending on the specific scenario in which Sandbox is implemented.
Sandbox also allows administrators to set bookmarks inside the application. If there are any bookmarks entered in the bookmarks list, the user can access the items by simply tapping the “bookmarks” button in Sandbox’s toolbar. If a site is bookmarked, it is automatically whitelisted. Users can always access bookmarked URLs. The bookmark setting is also of type array and should follow the same pattern as configurations of the whitelist key.
key: bookmarksKey type: array default: none
Enter all domains accessible to the user from Sandbox’s bookmarks button.
Note: The option to display the bookmarks list will be disabled if no bookmarks are included in this configuration.
After configuring Sandbox with a configuration plist, administrators will be presented the opportunity to lock any further changes to the application’s settings by means of a passcode.
If Sandbox successfully configures itself from a configuration plist, the administrator will be asked if they wish to set a four-digit passcode. If they answer yes, the application will securely store this passcode.
If any attempts to change Sandbox’s settings are made while protected by a passcode, the user will be alerted that their actions will not be saved unless they enter the correct passcode. Upon entering the correct passcode, any changes made will be saved to the application’s settings.
If an administrator attempts to configure Sandbox using a configuration plist after a passcode has been set, they will be presented with an opportunity to enter the security passcode. If the passcode entered is correct, Sandbox will configure itself with the new profile. If the password is incorrect, no changes will be made to Sandbox’s settings.
If an administrator forgets the passcode, Sandbox will be permanently locked. It will be necessary to delete Sandbox from the device and then reconfigure the application.
In order to effectively restrict Web browsing, you’ll likely want to restrict access to Safari (and perhaps other built-in apps such as the App Store or YouTube). You can do this by setting up Restrictions on the device.
These restrictions may also be set through a configuration profile (not to be confused with a configuration plist as used in Sandbox). A configuration profile may be easily created and distributed through the iPhone Configuration Utility.
Download this sample configuration plist.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>startPageKey</key> <string>ionagroup.com</string> <key>statusBarKey</key> <false/> <key>navBarKey</key> <false/> <key>toolBarKey</key> <false/> <key>restrictedMessageKey</key> <string>This is the restricted message.</string> <key>idleTimeKey</key> <integer>0</integer> <key>idleRestartKey</key> <false/> <key>exitRestartKey</key> <false/> <key>whitelistKey</key> <array> <string>floatlearning.com</string> </array> <key>bookmarksKey</key> <array> <string>google.com</string> </array> </dict> </plist>
Float’s team of experts combines strategy, mobile app development, and eLearning to guide organizations by harnessing the unique power of mobile technology. Founded in 2010, Float works with industry leaders such as Caterpillar Inc., Pioneer Hi-Bred, GROWMARK, and Wiley Publishing Inc. to strategize and develop mobile learning initiatives. To learn more, please visit floatlearning.com.
Copyright © 2013 Float Mobile Learning. All rights reserved.