Our school has had to disable App Inventor's MIT AI2 Companion from running on all school devices due to its ability to bypass our firewalls.
Through use of the Web Viewer component, a student can make an app that runs a web browser with unrestricted internet access. Only connections that are IP Banned are inaccessible, as opposed to sites filtered through applications like Deledao. This allows students to watch YouTube, play games, and access other filtered content on school devices with only a few clicks.
I am hoping the App Inventor team can address this issue, as two months of my curriculum depend on this website. Currently, I am still able to use the website with my students, but they need to use out of school devices to run their code. This is not a feasible long term solution, as phones are being banned in our school, and some students do not bring phones to school at all. I simply am not able to expect students to have their own devices to access my curriculum.
I am hoping the App Inventor team could consider adding a 'managed' version where we can have school accounts enrolled with settings (to disable the Web Viewer for example). Another potential solution could be to create a chrome PWA version that runs from the Chrome web browser so filtering would be pushed through the applications the students create.
If this isn't the right place to ask, sorry for the trouble. I have really been enjoying App Inventor, and I am hoping I will still have access to it in the years to come.
I get your point, and I think the idea of an “admin-type” role that lets educators disable certain components is actually really smart. I truly hope the AI2 team takes note of this suggestion .
Now, here’s my personal take as a developer, client, and entrepreneur and this applies to any platform, whether educational, personal, or commercial: it shouldn’t be the platform’s job to fix problems caused by users misusing it. If we start down that road, there’ll always be someone asking for changes here, restrictions there… The real issue isn’t the tool it’s how people choose to use it. Can you imagine if platforms had to bend to every user’s whim? We’d never stop making changes!
In my view, many of these requests aren’t about actual security flaws they’re about institutions wanting control they neither need nor should expect from the platform. The real challenge lies with the staff often, they simply lack the capacity or training to properly manage and guide how these tools are used in their educational or organizational context.
I understand your point, but I do have some disagreements with it. I don't believe developers need to bend to every whim of every client, but I think it is valuable to hear feedback from clients and make adjustments if there are legitimate points, even if the point was discovered through misuse.
There is nothing I can do to remedy this sittuation as my IT department blocked the service due to this issue. My school's IT department claims there is nothing they can do unless the aforementioned suggestions were implemented. So at this point my only recourse is to speak with the platform.
I also disagree that this is not a security flaw. This app allows students to easily bypass web filters. Controlling the students is one thing, but the sites they access in this way could also harvest user data or violate other student protection laws (which is why we had to ban it). I understand what you mean though. I do think this is ultimately on the school to properly implement the distribution of the software, but according to my school, that is not possible. If you know of a way my school could properly use this app that wouldn't be a security issue, that would genuinely be very helpful.
Apologies if any of this comes off as confrontational. I think we largely agree on these issues! Unfortunately, I do think this is a big issue worth suggesting, and worth fixing on the platforms end. I'm glad you also appreciate the component blocking feature (fingers crossed it gets implemented).
