Restricted Knox SDK methods
Last updated June 7th, 2024
DA restricted methods
From Android 15 (Knox 3.11) onwards, apps must run as the Android Enterprise Device Owner (DO) of a fully-managed device, or the Profile Owner (PO) of a work profile, to access select Knox SDK features. Apps running purely in Device Administrator (DA) mode, without running as the DO or PO, do not meet these requirements and will lose access to the Knox SDK methods listed below.
This list is subject to change.
| SDK Class | SDK Method(s) |
|---|---|
| EnterpriseDeviceManager | setAdminRemovable |
| ApplicationPolicy | installApplication |
| uninstallApplication | |
| uninstallApplications | |
| updateApplication | |
| setApplicationStateList | |
| setApplicationComponentState | |
| setApplicationInstallationDisabled | |
| setApplicationUninstallationDisabled | |
| stopApp | |
| startApp | |
| addPackagesToPreventStartBlackList | |
| addPackagesToDisableUpdateWhiteList | |
| addPackagesToDisableUpdateBlackList | |
| preventNewAdminInstallation | |
| preventNewAdminActivation | |
| addNewAdminActivationAppWhiteList | |
| addAppPackageNameToBlackList | |
| addPackageToWhiteList | |
| CertificateProvisioning | deleteCertificateFromKeystore |
| resetCredentialStorage | |
| addPackagesToCertificateWhiteList | |
| SystemManager | setHardKeyIntentBroadcast |
Remote control methods
Remote control features provided by Knox SDK are restricted starting Android 15 (Knox 3.11). These classes will only be accessible to apps running as the DO or PO, or apps running within a DO or PO-managed environment, with authorization from the IT admin to access remote control features. The table below shows all remote control related classes and methods being restricted.
| SDK Class | SDK method(s) |
|---|---|
| RemoteDesktop | All methods |
| RemoteInjection | All methods |
Accessibility matrix
The following accessibility matrix shows the different levels of Knox SDK access available to apps of various management modes from Android 15 (Knox 3.11) onwards.
| Knox SDK methods | AE (DO/PO) apps | DA mode apps | Other apps |
|---|---|---|---|
| DA restricted methods | Accessible | Not accessible | Not accessible |
| Remote control methods | Accessible | 1Accessible | 1Accessible |
| Other methods | Accessible | Accessible | Not accessible |
1Only within DO/PO environment, with IT admin’s permission.
On this page
Is this page helpful?