Knox SDK frequently asked questions — Containers | Knox SDK

There are two methods. You can:

call an API to do a one-time check if a container exists
set up an intent to detect in real-time when container creation completes (recommended)

Call API

To check if a Knox container was created and to get the container ID, call this API method:

This API was introduced with the Knox Premium SDK v2.0 and is now implemented in the Knox SDK. This API method can be called by the app which created the container.

Set up intent

With the Knox SDK, you can register for the intent. This intent is sent after you create a container by calling the API method:

KnoxContainerManager.createContainer()

The intent is generated regardless of whether container creation succeeds or fails.

The intent uses CONTAINER_CREATION_STATUS_CODE to return either a:

positive non-zero value — This is a container ID.
negative value — This is an error code, as described in the Javadocs for createContainer.

The intent also uses CONTAINER_CREATION_REQUEST_ID so that you can match a createContainer request with a result.

Install the MDM agent in the personal space.
Create a Knox container.
Install the MDM agent inside the container as an admin.
Uninstall the MDM agent that was in the personal space.

Call the API method KnoxContainerManager.createContainer(String type, String adminPackageName) and pass the MDM agent as an adminPackage parameter. Once the container is created, it installs the MDM agent inside the container. Then, ownership of the container transfers from the creator to the admin inside the container. The creator of the container loses all claim on the container and cannot apply any of the policies. Hence true BYOD separation is achieved, as the admin resides only inside container.

After creating the container, you call the API method KnoxContainerManager.doSelfUninstall() to uninstall the device admin, thus removing the MDM agent from device.

Container only mode is an ultra-secure environment that does not allow movement to personal space, factory reset, or firmware recovery. The device is locked to the container.

The type of container that gets created depends on the string entered in the createContainer API method.

KnoxContainerManager.createContainer("knox-b2b-com") creates container only mode.

As factory reset and firmware recovery are disabled in container only mode, it is recommended to implement the KnoxContainerManager.removeContainer(containerId) API method as a safeguard to exit container.

Other than that, the only way to reset the device is to flash factory firmware on the device.

Flashing devices with the wrong firmware can result in a bricked device. Hence, it is recommended to take your device to a Samsung Kiosk or Samsung Store, where an expert can flash the correct build on the device for you.

This error occurs when KnoxContainerManager.createContainer(String type) API method returns: KnoxContainerManager.ERROR_INTERNAL_ERROR(-1014)

If the developer passes a type of argument that is not supported to KnoxContainerManager.createContainer(String type) while creating a container, it fails with error code (-1014). The default type is knox-b2b.

For more information, refer to the KnoxContainerManager class in Knox Premium SDK.

Knox SDK frequently asked questions — Containers

How does an app detect if a container was created using the Knox SDK?

How do I install the MDM agent inside the Knox container?

I have created a “container only mode” container and I am locked inside, using the Knox SDK. How do I exit?

Why do I get error KnoxContainerManager.ERROR_INTERNAL_ERROR(-1014) while creating a container?