App management

This section provides information on how to manage apps using Knox Platform for Enterprise. Note that this is not an exhaustive list of all Knox features, but rather a starting point for IT Admins to use when deploying devices. Check with your MDM for a full list of supported features.

Action when apps are compromised

Knox can identify if an app on a device has been compromised. If it detects an app on the device is different than the one that was loaded through your MDM, the following actions can be taken.

  1. Stop app from running – prevents the app from being launched on the device.
  2. Uninstall – Uninstall the app from the device.
  3. Lock Device – Lock the device screen. Only IT administrators can unlock the device screen.
  4. Report Compliance – Send a message to the IT admin that a compromised app has been detected.
  5. Factory Reset + SD Card Initialization – Factory reset is performed on the device and the SD card is initialized.
  6. Factory Reset (Only) – Factory reset is performed on the device but the SD card is not initialized.

For example, there are the options you can choose if you are using Knox Manage.

Allow / block apps

Knox can control how apps work on your phone. You can prevent a user from installing or launching apps using the allowlist and blocklist.

App blocklist settings

App allowlist settings:

For example, this screenshot below:

Control Android Browser

Knox can enable or disable the native Android browser. This is useful if you have an internal solution that you require employees to use.

If you allow the Android browser, you can choose to control specific assets if needed. These include the following:

For example, in this screenshot below, the Android browser is allowed with some restrictions.

Managed Google Play

Managed Google Play (formerly called Google Play for Work) lets enterprises use a customized version of the Google Play store that has only apps approved for work.

Enterprises can:

Use case


Control Google Play

Knox allows you to disable Google Play on your devices. This combined with the policy disable app installation from unknown sources helps ensure that only approved apps pushed through an MDM are installed.

In this example below, we prevent users from installing apps from unknown sources and accessing the Play Store.

App push without Google Play

Knox can push a single app form an app store without requesting the user to install Google Play. In this example below, we are searching through Google Play to push an app to a device.

Push an APK with an MDM policy

You can push any APK to a device using your MDM. In this example below, we add the Samsung messaging app to our internal application repository. This is useful if you have internal apps that you need to install on your devices.