Good Mobile Access Secure Browser

Secure Browser is a relatively new part of the Good App for IOS devices that allows you to surf your intranet through your Good server in a similar way to MDS on the Blackberry.

Unlike MDS rather than using a special browser where all traffic is proxied through the Blackberry server, Good Secure Browser allows you to list the domains or sites that are allowed.   This is theoretically more secure than Blackberry because least privilege insists that you only allow access to what is needed.   I’ve seen some recommendations to firewall the Blackberry Enterprise Server so it can’t access just anything in the organization.

It seems the Secure Browsers allowed domains list is nothing more than a false sense of security.   The Secure Browser manual (which wasn’t available when this feature was first rolled out as a beta) says “if a user enters a non-fully qualified domain name such as http://info, the browser will connect to it by bypassing the domain suffix list that you have entered above.”    There really should be a checkbox for that.  Essentially enabling Secure Browser in Good allows all internal servers on any port.   I think this is a change.   I am pretty sure I tested this out before deploying the new feature and it didn’t work this way.   In my opinion this should be a checkbox – allow all non-fully qualified domains.   And this allowed domains should work  with these hostnames as well so they can be added individually.