Firewall deny rule not working on newer versions of Google Chrome
In my company's MDM product we have a functionality to restrict URLs that Google Chrome can access. We use the Firewall class from the KNOX SDK to implement this functionality. Our implementation is similar to the example shown in the following documentation:
Our deny rule is declared as follows
// Deny list , domains to block List<String> denyList = new ArrayList<String>(); denyList.add("*");
The allow rule enables only the company's domain, such as
// Allow list, domains to allow List<String> allowList = new ArrayList<String>(); allowList.add("*customerdomain.com");
I'm currently testing with a Galaxy Tab A (SM-P355M) with Android 7.1.1 and Knox 2.8, but the following misbehavior occurs in all Samsung devices with Android 7 and higher we have in our Lab.
When I'm using the stock version of Google Chome that comes with the device (60.0.3112.116) the functionality works like a charm. I receive a DNS_PROBE_FINISHED_NXDOMAIN error for blocked URLs.
But when I use the most recent version of Google Chrome from the Play Strore (at this date 71.0.3578.99) all the configuration is simply ignored, and Google Chrome has unrestricted access to any URL.
Somewhere between version 60 and 71 this functionallity stopped working. But how can Google Chrome app bypass a firewall rule?
Is this a bug on the SDK? Is there a workaround to avoid this problem? Any contributions on that?