KPE functionality lost on Android - Others and Android Go devices after Android 10 upgrade

Environment

  • Knox SDK
  • Third-party MDM solutions
  • Android - Others, Android Go devices

Overview

Some UEM customers have reported that after upgrading their Android - Others or Android Go device from OS 9 to OS 10, the installed UEM application can no longer configure any applied Knox policies.

Cause

The affected devices do not have the "Secured by Knox" designation, including devices running the Android Go platform. You can identify whether your device belongs to this category by visiting Devices secured by Knox. If your device's model is listed under Android - Others or Android Go, it may not be compatible with Knox solutions because its hardware support is partial or missing.

In Android versions 9 and below, a software defect granted these non-supported devices KPE functionality. The error was corrected in Android 10, causing the loss of functionality on devices upgrading from Android 9 to 10.

Resolution

If you have devices without the Secured by Knox designation, please ask your UEM provider whether the programmatic check described in How to identify an Android Go or One UI Core device using the Knox SDK has been implemented.

My Samsung device without the "Secured by Knox" designation still has KPE functionality. How do I prevent the issue?

If your device is currently running Android 9 or below, and you enrolled it with a UEM application version lower than the one recommended by your UEM:

NOTE: If you're unsure of the UEM application version that was used when first enrolling the device, you can also follow the steps below.

  1. Unenroll or wipe your device from the UEM server to revoke all Knox policies applied on the device. Ensure you back up your data beforehand in case a factory reset is required.
  2. Update the UEM application to the latest version.
  3. Re-enroll your device to the UEM server. The application now correctly identifies that your device is running the Android - Others or Android Go platform, and manages it accordingly.

I have a Samsung device without the "Secured by Knox" designation that lost KPE functionality. How do I fix the issue?

  1. If you have not restricted the option to remove device admin privileges, navigate to your device's settings to manually remove device admin for the UEM application. This revokes all Knox restrictions set on the device.
  2. If you cannot remove device admin due to an applied policy, you can factory reset the device. Ensure you back up your data first.
  3. If factory reset is disabled on your device, contact your local Samsung service centre to diagnose the issue. If necessary, they can download a special binary to regain device control.
  4. Once the Knox policies are removed, re-enroll the device with the latest version of your UEM application. It then correctly identifies that your device is running the Android - Others or Android Go platform, and manages it accordingly.

Additional information

For a list of all Samsung devices that do not support the Knox Platform, see Android - Others and Android Go at Devices Secured by Knox.
