Knox SDK frequently asked questions — API access restrictions | Knox SDK

From Android 15 (Knox 3.11) onwards, apps must run as the Android Enterprise Device Owner (DO) of a fully-managed device, or the Profile Owner (PO) of a work profile, to access select Knox SDK features. Apps running purely in Device Administrator (DA) mode, without running as the DO or PO, do not meet these requirements and will lose access to restricted API methods.

In addition, Remote control features provided by Knox SDK are also restricted starting Android 15 (Knox 3.11). These classes will only be accessible to apps running as the DO or PO, or apps running within a DO or PO-managed environment, with authorization from the IT admin to access remote control features.

For more information, see restricted API methods.

If your app runs purely in Device Administrator (DA) mode without running as the Device Owner (DO) or Profile Owner (PO), your app will no longer be able to use these restricted API methods with the release of Android 15 (Knox 3.11).

We encourage you to evaluate the impact of this change on your services, and plan accordingly to make migrations that may be necessary to maintain your applications.

We plan to gradually extend these API access restrictions with following releases of Android, until they apply to all methods in Knox SDK.

We will provide advanced notice with each change to help you maintain continuity for your business.

All valid Knox Platform for Enterprise licenses will remain active until the end of their terms. But when you want to renew your license key, you may be required to provide the business use case of your app package to generate and manage licenses on the Knox Developer Portal.

For more information, please see the related KBA: License keys page unavailable from the Knox Developer Portal.

If you find that the License keys page is unavailable on the Knox Developer Portal, you’ll need to provide the business use case of your app package to gain access to that page and continue to generate and manage Knox Platform for Enterprise licenses.

For more information, please see the related KBA: License keys page unavailable from the Knox Developer Portal.

Knox Platform for Enterprise on-premise license keys will not be affected by these restrictions.

If you are a UEM partner using Knox SDK, we strongly recommend that you to migrate to the Android Enterprise Device Owner (DO) and Profile Owner (PO) management modes to access the full range of Knox SDK and AE features.

When managed devices are updated to Android 15, all Knox policies that were applied prior to the update are maintained.

Device users must be able to remove policies by uninstalling the app that enforced them. As an app developer, you are responsible for allowing the device user to uninstall your app, and for removing Knox policies when your app is uninstalled.

You can remove individual policies using the methods provided for each feature in Knox SDK, and you can allow device users to remove the administrator and uninstall your app package using these methods:

EnterpriseDeviceManager.setAdminRemovable(true)
ApplicationPolicy.setApplicationUninstallationEnabled(packageName)

Knox SDK frequently asked questions — API access restrictions

What Knox SDK restrictions come with Android 15 (Knox 3.11) release?

How do these restrictions affect my apps using Knox SDK?

Will there be future Knox SDK restrictions?

Do these restrictions impact my existing Knox Platform for Enterprise licenses?

How can I generate and manage licenses on the Knox Developer Portal?

How do these restrictions impact my Knox Platform for Enterprise on-premise server licenses?

As a Knox partner, what actions do I need to take?

What happens to applied Knox policies after devices are updated to Android 15?

How can I support my app users in removing Knox policies from devices running Android 15 and higher?