Back to top

Restricted Knox SDK methods

Last updated October 10th, 2024

DA restricted methods

From Android 15 (Knox 3.11) onwards, apps must run as the Android Enterprise Device Owner (DO) of a fully-managed device, or the Profile Owner (PO) of a work profile, to access select Knox SDK features. Apps running purely in Device Administrator (DA) mode, without running as the DO or PO, do not meet these requirements and will lose access to the Knox SDK methods listed below.

This list is subject to change.

SDK Class SDK Method(s)
EnterpriseDeviceManager *setAdminRemovable(false)
ApplicationPolicy installApplication
uninstallApplication
uninstallApplications
updateApplication
setApplicationStateList
setDisableApplication
setEnableApplication
setApplicationComponentState
setApplicationInstallationDisabled
setApplicationUninstallationDisabled
stopApp
startApp
addPackagesToPreventStartBlackList
addPackagesToDisableUpdateWhiteList
addPackagesToDisableUpdateBlackList
preventNewAdminInstallation
preventNewAdminActivation
addNewAdminActivationAppWhiteList
addAppPackageNameToBlackList
addPackageToWhiteList
CertificateProvisioning deleteCertificateFromKeystore
resetCredentialStorage
addPackagesToCertificateWhiteList
SystemManager setHardKeyIntentBroadcast

*setAdminRemovable(true) is not effected by this restriction.

Remote control methods

Remote control features provided by Knox SDK are restricted starting Android 15 (Knox 3.11). These classes will only be accessible to apps running as the DO or PO, or apps running within a DO or PO-managed environment, with authorization from the IT admin to access remote control features. The table below shows all remote control related classes and methods being restricted.

SDK Class SDK method(s)
RemoteDesktop All methods
RemoteInjection All methods

Accessibility matrix

The following accessibility matrix shows the different levels of Knox SDK access available to apps of various management modes from Android 15 (Knox 3.11) onwards.

Knox SDK methods AE (DO/PO) apps DA mode apps Other apps
DA restricted methods Accessible Not accessible Not accessible
Remote control methods Accessible *Accessible *Accessible
Other methods Accessible Accessible Not accessible

*Only within a DO/PO environment, with the IT admin’s permission.

Is this page helpful?