Configuring access to websites on Android devices

You can use Web Protection to configure access of Android device users to websites. Web Protection supports website filtering by categories defined in Kaspersky Security Network cloud service. Filtering allows you to restrict user access to certain websites or categories of websites (for example, those from the "Gambling, lotteries, sweepstakes", or "Internet communication" categories). Web Protection also protects the personal data of users on the internet.

To enable Web Protection:

Web Protection on Android devices is supported only by Google Chrome, HUAWEI Browser, Samsung Internet Browser, and Yandex Browser.

If the Kaspersky Endpoint Security for Android app in device owner mode is not enabled as an Accessibility Features service, Web Protection is supported only by the Google Chrome browser and checks only the domain of a website. To allow other browsers (Samsung Internet Browser, Yandex Browser, and HUAWEI Browser) support Web Protection, enable Kaspersky Endpoint Security as an Accessibility Features service. This will also enable the Custom Tabs feature operation.

The Custom Tabs feature is supported by Google Chrome, HUAWEI Browser, and Samsung Internet Browser.

Web Protection for HUAWEI Browser, Samsung Internet Browser, and Yandex Browser does not block sites on a mobile device if a work profile is used and Web Protection is enabled only for the work profile.

Web Protection is enabled by default: user access to websites in the Phishing and Malware categories is blocked. On devices managed by the Kaspersky Endpoint Security for Android app in device owner mode, Web Protection is supported only by the Google Chrome browser and checks only the domain of a website. To allow other browsers (Samsung Internet Browser, Yandex Browser, and HUAWEI Browser) to support Web Protection, Kaspersky Endpoint Security must be enabled as an Accessibility Features service.

To configure the settings of the device user's access to websites:

  1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
  2. In the workspace of the group, select the Policies tab.
  3. Open the policy properties window by double-clicking any column.

    Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

  4. In the policy Properties window, select the Web Protection.
  5. To use Web Protection, you or device user must read and accept the Statement regarding data processing for the purpose of using Web Protection (Web Protection Statement):
    1. Click the Web Protection Statement link at the top of the section.

      This opens Statement regarding data processing for purpose of using Web Protection window.

    2. Read and accept Privacy Policy by selecting the corresponding check box. To view Privacy Policy, click the Privacy Policy link.

      If you do not accept Privacy Policy, mobile device user can accept Privacy Policy in the Initial Configuration Wizard or in the app (ks4android_settings_buttonAboutTerms and conditionsPrivacy Policy).

    3. Select the Web Protection Statement acceptance mode:
      • I have read and accept the Web Protection Statement
      • Request acceptance of the Web Protection Statement from the device user
      • I do not accept the Web Protection Statement

        If you select I do not accept the Web Protection Statement, the Web Protection does not block sites on a mobile device. Mobile device user cannot enable Web Protection in the Kaspersky Endpoint Security.

    4. Click OK to close the window.

    Screenshot of Statement regarding data processing for purpose of using Web Protection window. Users can select to accept, request acceptance from the user, or decline the Web Protection Statement.

    Step 5. Accept the Statement regarding data processing for purpose of using Web Protection.

  6. Select the Enable Web Protection check box.
  7. If you want the app to check a full URL when opening a website in Custom Tabs, select the Check full URL when using Custom Tabs check box.

    Custom Tabs is an in-app browser that allows the user to view web pages without having to leave the app and switch to a full web browser version. This option provides better detection of a URL and its check against the configured Web Protection rules. If the check box is selected, Kaspersky Endpoint Security for Android opens the website in a full version of the browser and checks whole web address of the website. If the check box is cleared, Kaspersky Endpoint Security for Android checks only the domain of a website in Custom Tabs.

  8. Select one of the following options:
    • If you want the app to restrict user access to websites depending on their content, do the following:
      1. In the Web Protection section, in the drop-down list select Websites of selected categories are forbidden.
      2. Create a list of blocked categories by selecting check boxes next to the categories of websites to which the app will block access.

    Screenshot of the Web Protection section. You can select checkboxes for the categories of websites you want to block access to.

    Step 8. Web Protection section. Select the categories of websites to block access to.

    • If you want the app to allow or restrict user access only to websites specified by the administrator, do the following:
      1. In the Web Protection section, in the drop-down list select Only listed websites are allowed or Only listed websites are blocked.

        If Kaspersky Endpoint Security for Android is not set as an Accessibility feature, Web Protection may block an allowed website that loads some elements from a website with a domain that is not in the list of allowed domains.

      2. Create a list of websites by adding addresses of websites to which the app will allow or block access, depending on the value selected in the drop-down list. You can add websites by link (full URL, including the protocol, e.g. https://example.com).

        To make sure that the app allows or blocks access to the specified website in all supported versions of Google Chrome, HUAWEI Browser, Samsung Internet Browser, and Yandex Browser, include the same URL twice, once with the HTTP protocol (e.g., http://example.com) and once with the HTTPS protocol (e.g., https://example.com).

        For example:

        • https://example.com—The main page of the website is either allowed or blocked. This URL can only be accessed through the HTTPS protocol.
        • http://example.com—The main page of the website is either allowed or blocked, but only when accessed through the HTTP protocol. Other protocols like HTTPS are not affected.
        • https://example.com/page/index.html—Only the index.html page of the website will be allowed or blocked. The rest of the website is not affected by this entry.

        The app also supports regular expressions. When entering the address of an allowed or blocked website, use the following templates:

        • https://example\.com/.*—This template blocks or allows all child pages of the website, accessed via the HTTPS protocol (for example, https://example.com/about).
        • https?://example\.com/.*—This template blocks or allows all child pages of the website, accessed via both the HTTP and HTTPS protocols.
        • https?://.*\.example\.com—This template blocks or allows all subdomain pages of the website (e.g., https://pictures.example.com).
        • https?://example\.com/[abc]/.*—This template blocks or allows all child pages of the website where the URL path begins with 'a', 'b', or 'c' as the first directory (e.g., https://example.com/b/about).
        • https?://\w{3,5}.example\.com/.*—This template blocks or allows all child pages of the website where the subdomain consists of a word with 3 to 5 characters (e.g., http://abde.example.com/about).

        Use the expression https? to select both the HTTP and HTTPS protocols. For more details on regular expressions, please refer to the Oracle Technical Support website.

    Screenshot of the Web Protection section with a drop-down list on the 'Only listed websites are allowed' option. You can add website addresses to the list of websites you want to allow access to.

    Step 9. Web Protection section. Specify the list of websites to allow access to.

    • If you want the app to block user access to all websites, in the Web Protection section, in the drop-down list, select All websites are blocked.
  9. To lift content-based restrictions on user access to websites, clear the Enable Web Protection check box.
  10. Click the Apply button to save the changes you have made.

Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.

Managing the website list

You can manage the list of websites with the following buttons:

Page top