Why doesn't the Knox method "isActivePasswordSufficient" check for forbidden strings?

The API method isActivePasswordSufficient() checks for:

  • Max character occurrences
  • Max character sequence length
  • Max numeric sequence length

It does not check the following policies as we do not have raw password:

  • Forbidden strings
  • Patterns

This is due to the implementation of Android's Device Policy Manager, which checks only length if the password quality is less than or equal to AlphaNumeric. It considers other constraints like upper/lower case, symbols, letters, and non-letters only if password quality is set as Complex. It is not possible to change the Device Policy Manager.