Restricted Knox SDK methods
Last updated October 10th, 2024
DA restricted methods
From Android 15 (Knox 3.11) onwards, apps must run as the Android Enterprise Device Owner (DO) of a fully-managed device, or the Profile Owner (PO) of a work profile, to access select Knox SDK features. Apps running purely in Device Administrator (DA) mode, without running as the DO or PO, do not meet these requirements and will lose access to the Knox SDK methods listed below.
This list is subject to change.
SDK Class | SDK Method(s) |
---|---|
EnterpriseDeviceManager | *setAdminRemovable(false) |
ApplicationPolicy | installApplication |
uninstallApplication | |
uninstallApplications | |
updateApplication | |
setApplicationStateList | |
setDisableApplication | |
setEnableApplication | |
setApplicationComponentState | |
setApplicationInstallationDisabled | |
setApplicationUninstallationDisabled | |
stopApp | |
startApp | |
addPackagesToPreventStartBlackList | |
addPackagesToDisableUpdateWhiteList | |
addPackagesToDisableUpdateBlackList | |
preventNewAdminInstallation | |
preventNewAdminActivation | |
addNewAdminActivationAppWhiteList | |
addAppPackageNameToBlackList | |
addPackageToWhiteList | |
CertificateProvisioning | deleteCertificateFromKeystore |
resetCredentialStorage | |
addPackagesToCertificateWhiteList | |
SystemManager | setHardKeyIntentBroadcast |
*setAdminRemovable(true) is not effected by this restriction.
Remote control methods
Remote control features provided by Knox SDK are restricted starting Android 15 (Knox 3.11). These classes will only be accessible to apps running as the DO or PO, or apps running within a DO or PO-managed environment, with authorization from the IT admin to access remote control features. The table below shows all remote control related classes and methods being restricted.
SDK Class | SDK method(s) |
---|---|
RemoteDesktop | All methods |
RemoteInjection | All methods |
Accessibility matrix
The following accessibility matrix shows the different levels of Knox SDK access available to apps of various management modes from Android 15 (Knox 3.11) onwards.
Knox SDK methods | AE (DO/PO) apps | DA mode apps | Other apps |
---|---|---|---|
DA restricted methods | Accessible | Not accessible | Not accessible |
Remote control methods | Accessible | *Accessible | *Accessible |
Other methods | Accessible | Accessible | Not accessible |
*Only within a DO/PO environment, with the IT admin’s permission.
On this page
Is this page helpful?