This post is meant as a warning to IT directors and school administrators in schools with 1-to-1 iPad implementation (especially if the students can take their iPads home).
There is some Chinese software going around call Tongbu which can allow iPad owners to bypass the built-in app store to acquire apps. Not only is this illegal and unethical, but it also opens up a huge security hole for any school trying to monitor the apps on their students’ iPads. These illegal installs do not require a jailbroken iPad and can occur on supposedly secure school iPads.
You can see a walkthrough of the process here. Now, obviously, I am not posting this in order to encourage theft. Stealing apps is illegal and incredibly insulting to the (mostly) small development teams that work so hard to create many of these apps. However, if you are going to patch up this security flaw at your school, you need to know how the flaw works.
We just did a post on iPad filtering, so refer to it for an in-depth walkthrough of different filtering options. But basically be sure to do the following steps:
Be sure your students’ iPads are being supervised by Configurator.
Be sure that Configurator and Meraki are set to NOT allow iPads to be connected to other computers.
Do a Google search for “Tongbu” and add every website on the first page of results to your internet filtering at your school (and, if possible, add “*tongbu*” as a blocked term altogether). Also, block the URL to that Youtube video I posted above.
Add these same blocked URLs and *tongbu* to your Weblock proxy attached to all the students’ iPads so this stuff is blocked outside of school as well.
And of course, enforce strict and severe disciplinary repercussions if you find any students that have still managed to work around all these security settings to install apps they shouldn’t have.
There are other services that offer this same feature. Do some research, hunt them down, and block them all!
When our school began its 1-to-1 iPad program for our fifth through eighth grade students, we were faced with the same decision every school faces: just how much do we lock down these devices? We had already written up a solid acceptable use policy (that all students and parents had to sign), we had robust internet filtering at the school, we could monitor the iPads via Meraki, we had turned on age restrictions for all features, and we had collected the appropriate insurance money for repairs. But we still had to decide: what do we lock down on the device itself? Facetime? iMessage? The App Store?
While internet content filtering is important, it doesn’t necessarily block advertisements embedded in websites, Google searches, YouTube videos, or inside apps. Most advertisements are harmless (but annoying), but do kids really need to be exposed to an onslaught of commercialism while at school? Many ads can disrupt classwork or might conflict with the school’s mission, vision, or code of ethics.
So we want to block the ads, but Safari on iOS doesn’t let you just download an AdBlock plugin like you would for a PC or Mac web browser. A few alternative browser apps have adblocking, but they aren’t the default and we can’t force students to use them. But don’t worry: we have a solution.
Having a group email list on my iPad is a real time saver. I can type a few letters of our school name in the “To:” files of my email and quickly get a list of groups I have created so I can send an email to a bunch of people at once. The initial set up of this is kinda confusing but pay attention and I'll walk you through it. Once it's done, however, you can easily edit it to keep it up to date and you can quickly share it. Do it once and it works for everyone. For large lists you'll want a computer with MS Word or Apple Pages installed.
So, it's hard to see in the pic but in a new message I have typed the first few letters of my school name and I already see “SCHOOL All & SCHOOL Teachers”. One is everyone that works at the school and one is just the teachers at the school. Creating the list is either super easy and fast or time consuming depending on your IT person. Continue reading →
I have requested an automated way to do this from Meraki, like, every M-F between 8-3, disable iMessage but nothing yet. That would also introduce problems with holidays and summers. So, I have a reminder set to tell me to turn it on and off every weekday and using the Mercury Browser on my iPad a Bookmark Bar link to quickly get in and out. (Mercury is good at saving passwords).
First things first. There is no 100% filter. You should have seen the stuff I got while trying to research slavery in America. Well maybe not see… Anyway, there are always going to be images that get by and what some consider inappropriate others call culture or art so… Good Luck.
OpenDNS has been around for years. I use it at the school for the quick no thinking behind it. After setting up an account, you just add their DNS address to your server or firewall and… Done. (Sort of…)
You can see here you have lots of categories to choose from. I found using the built in Low, Moderate or High, caused a lot of stuff through or simply not enough.