Menu

Cannot download device binary due to MDM policy

Environment

Knox SDK

Overview

To prevent end users from changing the software binaries of their devices, some independent software vendors (ISVs) invoke the allowFirmwareRecovery(boolean) API to block device firmware updates through download mode, along with the allowFactoryReset(boolean) API to prevent end users from performing a device factory reset.

If these APIs are set through an MDM application, you may be unable to remove the policies and lose control of your device.

Cause

You may lose control of a device in the following situations:

  • The MDM application repeatedly crashes, so it cannot disable the policy set by the allowFirmwareRecovery(boolean) API.
  • The end user forgets the lockscreen password, so the MDM application cannot disable the policy set by the allowFirmwareRecovery(boolean) API.
  • The device cannot boot properly.

The only way to regain control of the device is to download a new binary, but this is not possible if allowFirmwareRecovery(false) and allowFactoryReset(false) are set through an MDM.

Resolution

Samsung can help you resolve the issue by downloading a new binary on your device. Contact your local Samsung service center, technical account manager, or submit a ticket through your Knox dashboard.

NOTECurrently, the binary fix only applies to devices with a Qualcomm chip.

Share it: