4

I am using Chrome Managed Configurations to set a whitelist with this code in my policy:

{
    "packageName": "com.android.chrome",
    "managedConfiguration": {
        'URLBlacklist': ['*'],
        'URLWhitelist': ['chrome://*', 'google.com', 'stackoverflow.com'],
        'ForceGoogleSafeSearch': True,
        'NTPContentSuggestionsEnabled': False,
    }
}

Now, in the Chrome enterprise docs it says there is a way to apply the same settings to Android Web view with the com.android.browser:URLBlacklist restriction, but it does not explain where I would put this in my policy.

The following code does not work:

{
    "packageName": "com.android.chrome",
    "managedConfiguration": {
        'com.android.browser:URLBlacklist': ['reddit.com', 'youtube.com'],
        'com.android.browser:URLWhitelist': ['stackoverflow.com', 'google.com']
    }
}

It shows an error in chrome://policy on the phone.

com.android.browser is not even a real app.

Where do I need to use this com.android.browser:URLBlacklist to apply restrictions to all web views on the phone?

Levy Srugo
  • 115
  • 2
  • 9
  • Have you tried setting this configuration on `com.google.android.webview` instead of `com.android.chrome`? – Fred Nov 11 '19 at 16:36
  • 1
    @Fred That doesn't work. I can suggest two reasons why: 1) `com.google.android.webview` does not support managed configurations (per the Play Store for Work page). 2) Android System WebView is [disabled when Chrome is installed](https://android.stackexchange.com/questions/179613/is-it-better-to-use-android-system-webview-when-not-using-chrome-as-default-brow/179615#179615), so the blacklist would have to go through Chrome – Levy Srugo Nov 13 '19 at 03:07
  • Makes sense, so the configuration needs to be applied to `com.android.chrome`. Looking at [`AwPolicyProvider.java`](https://github.com/chromium/chromium/blob/master/android_webview/java/src/org/chromium/android_webview/policy/AwPolicyProvider.java), it seems Chrome removes the prefix before using the policy in a webview. Now it's unclear why your approach doesn't work. – Fred Nov 13 '19 at 12:31

1 Answers1

1

You have to set the blacklist/whitelist for each app individually.

For example:

{
    "packageName": "com.jetblue.JetBlueAndroid",
    "managedConfiguration": {
        'com.android.browser:URLBlacklist': ['*'],
        'com.android.browser:URLWhitelist': ['jetblue.com']
    }
}

This code blocks all domains within the JetBlue app besides for JetBlue.com

There are some things to be aware of: 1. Be careful not to block any domains the app needs to function (including login pages, etc.). 2. If an app uses a direct API to display content, not a web view, then these restrictions will not apply.

Levy Srugo
  • 115
  • 2
  • 9
  • 1
    One thing that I'm still wondering: Is there a built-in way to apply the restrictions to all apps? – Levy Srugo Nov 17 '19 at 03:16
  • 1
    There is a major bug in this feature. If a user taps a link in any app which opens Chrome, the page sometimes loads even if it is meant to be blocked. Any subsequent links on that page will be blocked correctly, but this is still a serious workaround. – Levy Srugo Nov 17 '19 at 03:19
  • 1
    com.android.browser:URLBl**a**cklist is now deprecated. [(Source.)](https://chromeenterprise.google/policies/?policy=URLBlacklist) It does not work anymore in modern versions of WebView. You must use com.android.browser:URLBl**o**cklist instead. Please [edit] your post. Thank you! – tealhill supports Monica Mar 19 '23 at 08:28