The fenced browser — approved sites only, sessions that clean themselves — turning any Android, iOS or Windows device into a secure web kiosk.
How it’s rated
Full scoreboard ↓Quick answer
SureFox is 42Gears' secure lockdown browser: it turns any Android, iOS or Windows device into a web kiosk restricted to approved websites only — no address-bar wandering, no downloads, no escape into the OS. Customer-facing web apps, field-force portals and public-access browsing run inside a fenced, brandable browser with session resets, scheduled behaviour and fleet-scale remote configuration via SureMDM. Like SureLock and SureVideo, it sells standalone and is bundled free inside every SureMDM plan.
This page covers SureFox — the secure browser. The rest of the 42Gears lineup:
Most product pages skip this. We start here — so you buy a capability, not a buzzword.
A secure browser (web kiosk) inverts normal browsing: instead of the open internet minus a blocklist, only approved sites exist. No address bar, no downloads, no escape into the OS — just the task.
SureFox adds the operational layer: kiosk-grade branding, idle-session resets, feature policies for legacy web apps, and fleet-scale configuration — across Android, iOS and Windows.
What consolidation actually replaces, dimension by dimension.
| Dimension | Open browser + hope | Fenced web kiosk (SureFox) |
|---|---|---|
| Reachable web | Everything, minus a blocklist users route around | Approved sites only — the rest doesn't exist |
| Previous visitor | Their email still logged in | Idle reset — every session starts clean |
| The address bar | An invitation | Absent unless policy grants it |
| Downloads | Malware's front door on public devices | Governed per fleet |
| Branding | A naked browser betraying the OS | Your logo, your layout, kiosk-grade |
| Policy changes | A visit per device | Fleet-wide push from SureMDM |
| Mixed platforms | Three browsers, three configs | Android, iOS, Windows — one policy |
| Cost shape | A separate kiosk-browser bill | Standalone OR free inside SureMDM plans |
Rollout is incremental — fence pilot devices first, map the redirect chains, then push fleet-wide.
Vendors love diagrams; buyers need to know what they’re actually operating. Here’s the whole platform, demystified.
A full browser engine wrapped in policy — approved URLs render normally, everything else simply doesn't exist.
Approved sites, wildcard rules and category boundaries — the reachable web defined centrally, per fleet or per device group.
Brandable full-screen UI with your logo and layout — no address bar, no tabs users shouldn't have, no browser chrome betraying the platform.
Idle timeouts wipe history, forms and logins — every customer starts from the home page with nobody's data left behind.
Allowlists, layouts and policies pushed fleet-wide from the SureMDM console — the browsing estate reconfigures in one evening.
One agent on every machine, one console over all of them — modules attach without a second operational world.
SureFox replaces open browsers on task devices — and the incident stream they generate — with a fence that holds.
The fence: allowlisted URLs and wildcard rules define the reachable web — everything else returns nothing, not a warning users click through.
Address bar, tabs, downloads and context menus exist only if policy says so — the browser's power features become admin decisions.
File movement governed per fleet — the public kiosk that can't download malware, the field device that can't leak documents.
Several approved portals side by side — the branch device that reaches the CRM, the intranet and the bank portal, and nothing else.
Your logo, colours and home layout — the hotel-lobby browser looks like the hotel, not like a naked webview.
History, cookies, forms and logins wiped after inactivity — every visitor inherits a clean browser, nobody inherits a stranger's banking tab.
Printing, JavaScript dialogs, pop-ups and media autoplay allowed or blocked per deployment — web-app quirks tamed centrally.
Different allowlists and layouts by time — the training portal during shifts, the survey page after close.
The same special-password guard as SureLock — users browse inside the fence and cannot move the fence.
Custom offline pages and auto-retry — the field device on patchy 4G degrades gracefully instead of showing browser errors.
Allowlists and layouts pushed from SureMDM to every device — the browsing policy of a 500-branch network changes in one evening.
Which sites, how long, on which devices — browsing behaviour reported for compliance and capacity planning.
Official demos — the setup, the sibling lockdown product and the console that pushes it all.
SureFox configured live — from open device to fenced web kiosk.
The app-lockdown sibling — SureFox fences the web, SureLock fences the apps.
The console that pushes SureFox policies fleet-wide.
Want a live, India-context walkthrough on your own fleet?
Book a guided demo →Here’s what genuinely sets SureFox apart from the alternatives.
Web filters block bad categories and argue about the grey zone. SureFox inverts it: only approved sites exist. For customer-facing and single-purpose devices, allowlisting is the only model that actually holds.
Idle-timeout resets wipe the previous visitor completely — the public kiosk where nobody inherits a stranger's logged-in email. This single feature retires a compliance headache.
Android tablets, iPads and Windows terminals fenced identically from one product — the mixed lobby fleet gets one browsing policy, not three implementations.
Printing, pop-ups, JS dialogs and media autoplay as central policies — the legacy web app that needs a pop-up works, and nothing else gets one.
Free inside every SureMDM plan alongside SureLock and SureVideo — the frontline trio arrives together, managed from one console.
The same bootstrapped, founder-run 42Gears behind it since 2009 — your browsing fence won't be sunset by an acquisition.
TechBag advisors map which devices need which portals — customer-facing, field, branch — and the approval lists per fleet.
SureFox on pilot devices with your real allowlists — including the legacy web app with the weird pop-up. Escape-testing encouraged.
Branded layouts, session policies and scheduled behaviours pushed from SureMDM, location by location.
Allowlist changes are minute-long pushes, sessions clean themselves, and the browsing estate stops generating tickets. TechBag handles renewals.
Trusted across frontline industries in 170+ countries
Modelled on Gartner Peer Insights structure. *Counts and breakdowns are illustrative pending verified review collection.
“Lobby iPads reach our booking portal and the city guide. Guests have tried everything else; everything else doesn't exist.”
“Branch tablets reach three approved portals. The session reset means no customer ever sees another customer's forms — our compliance team signed off in one meeting.”
“Field engineers get the job portal and the manuals site on patchy 4G. The custom offline page ended the 'is it broken?' calls.”
“Library computers went from daily incident reports to none. Allowlist plus session resets is the whole story.”
“We push allowlist changes from SureMDM to 300 devices at once. Adding an approved site takes a minute, not a maintenance window.”
“One legacy web app needed pop-ups and printing — both became per-fleet policies instead of per-device fiddling.”
“It was already in our SureMDM plan. We almost bought a separate kiosk-browser product before checking.”
“iOS support sealed it for us — the mixed iPad/Android lobby fleet gets one identical policy.”
Analyst firms bury this view behind paywalls, and G2 retired its Grid. So here’s TechBag’s synthesis of the secure browsing market — tap any vendor to see why it sits where it does.
Execution strength vs product vision — the classic market map, minus the paywall.
Three platforms, allowlist-native, fleet-managed and bundle-priced — this page's subject.
The grid nobody publishes — how tight the fence is vs how hard it is to build.
Deep fencing and session control at genuinely easy configuration — the balanced corner.
Positions are TechBag’s illustrative synthesis of public review-platform data and vendor documentation — not a reproduction of any analyst graphic. Verify before relying on it.
Deliberately cross-shaped: point products, managed Chrome and the enterprise browsers — with honest lanes for each.
| Dimension | SureFox | KioWare | SiteKiosk | Managed Chrome | Fully Kiosk Browser |
|---|---|---|---|---|---|
| Heritage & focus | Sure-suite secure browser | Kiosk software veteran | European kiosk veteran | Chrome + policies | Indie Android favourite |
| Platform coverage | Android + iOS + Windows | Windows + Android | Windows + Android | Everywhere Chrome runs | Android only |
| Allowlist fencing | Core model | Strong | Strong | Via policy sprawl | Good basics |
| Session hygiene | Idle resets built-in | Built-in | Built-in | Assemblable | Basic resets |
| Kiosk-grade branding | Full | Full | Full | It's Chrome | Decent |
| Fleet-scale management | Via SureMDM | Own tooling | Own tooling | Google Admin | Per-device-ish |
| Licensing economics | Free in SureMDM / cheap alone | Per-licence | Per-licence | Free-ish | Famously cheap |
| Best fit | Mixed fleets & SureMDM estates | Windows public kiosks | European public access | Workspace-run orgs | Small Android fleets |
Honest fit signals — because the fastest way to lose your trust is to pretend one product wins every scenario.
Drag the sliders. Estimates assume ~2 IT-hours per shared/task device per year on browsing incidents, cleanup and the tickets they raise, with ~60% removed by allowlist fencing and session resets — illustrative and conservative.
Loaded cost = salary + overheads per productive hour. Illustrative only — your TechBag quote models actual device counts and modules.
SureFox prices standalone per device — or arrives free inside SureMDM plans. TechBag models both paths in one GST-compliant quote.
Best for point web-kiosk projects
Best for managed fleets
Best for full frontline estates
Whatever the list prices above, TechBag negotiates a significantly better deal — with GST-compliant INR invoicing and local support. Ask us for your discounted quote.
Tell us your device counts and current tools — we’ll model it against what you spend today.
Take this into your next vendor call — including ours.
Hand the fenced device to your most creative user. Links inside approved sites, OAuth redirects, PDF viewers — probe every edge.
Test YOUR portals — especially the legacy one with pop-ups/printing. Feature policies must cover its quirks.
Set the idle reset, walk away logged in, and verify the next 'visitor' inherits nothing.
Payment gateways and SSO providers redirect through extra domains — map them into the allowlist before launch day.
Kill the network and look at the screen. A custom offline page beats a browser error in front of customers.
On (or considering) SureMDM? SureFox is included — check before buying any standalone browser product.
If iPads and Android tablets coexist, verify the policy renders identically on both.
Which usage data do you need for compliance reporting? Confirm it's captured.
Get a quote, scope a fence-drill trial with your real portals, or bring your device list and let a TechBag advisor pick the standalone-vs-bundle path.
Stats, ratings, review counts and pricing are illustrative and sourced from public materials; verify before purchase.