FAQ

The Samsung Knox SDK is a consolidation of these Knox SDKs:

Knox Standard SDK
Knox Premium SDK
Knox Customization SDK
Knox ISV SDK
Knox UCM SDK
Knox VPN SDK

With the Samsung Knox SDK, there is one SDK package to download, one JAR library to import, one API reference documenting all methods, and one Developer Guide describing how to use all the SDK features. In addition to simplifying the developer experience, the Samsung Knox SDK also offers these improvements:

Namespace — All Samsung Knox SDK packages, intents, and permissions now have names in a single namespace: com.samsung.android.knox. Unifying the namespace simplifies the coding, troubleshooting, and support. Previously, there were two namespaces, which you should no longer use:
- android.app.enterprise — this one is in the Google namespace
- com.sec.enterprise/vpn — this one is in a lesser used Samsung Electronics namespace
Structure — API methods have been re-organized to better reflect their function. The API methods that were in the generic class called MiscPolicy have been moved into more appropriate classes. Some classes have been renamed. For example, Attestation is now called AttestationPolicy for more consistency with other class names.
Deprecation — API methods that were not being used or were duplicated across SDKs have been deprecated. This is to simplify the API set and ease usability. Although the deprecated API methods will still work with Samsung Knox SDK, we will no longer test them with future releases. For a list of these deprecated API methods, see Deprecated API methods.
Version — As the various replaced SDKs had different version numbers, the new consolidated Samsung Knox SDK identifies its release using its Android API level. The first Samsung Knox SDK release uses API level 24, which corresponds with Android v7 or Nougat.

See Knox version mapping for the most up to date comparison. To check the SDK version on your device, click Settings > About Phone > Software > Information > Knox > Version.

You can check the type of firmware by using this adb shell command: C:\Program Files\Android\android-sdk\platform-tools>adb shell

-shell@android:/ $ means your device firmware is a commercial build.
-shell@android:/ means your device firmware is an engineer build.

There are three types of deprecated API methods:

Replaced — This API method has been replaced by another. In the API Reference, these are indicated as follows:

public boolean addHomeShortcut (String pkgName)

This method is deprecated. Use addHomeShortcut(String, String)

Obsoleted — This API method is no longer used, but might still be backwards compatible. In the API Reference, these are indicated as follows:
```
public int getDeviceKnoxId ()

This method is deprecated.
```
Not supported — This API method will no longer work, and should be removed from apps.

We do not recommend that you use deprecated API methods. Although they may continue to be backwards compatible, there may be unexpected or unwanted behavior. Always replace the API methods that are no longer supported. Check Deprecated API methods and API reference for these methods.

After an API deprecation is announced, Samsung offers three stages of support:

Newly Deprecated — When an API is deprecated in a new Knox version, it will work normally for one year after the deprecation announcement. During this time, Samsung provides full technical support.
One year after deprecation — The deprecated API continues to be available, but satisfactory operation is not guaranteed. Samsung doesn’t fix any bugs or compatibility issues.
Two years after deprecation — The deprecated API may be removed from the SDK. Even if it is available, it might not behave as expected. We recommend that you look for alternative solutions when we announce the API deprecation. We suggest replacing the API method with alternatives within the first year after the deprecation as we provide full support for the deprecated APIs during that time.

To see the full list of deprecated API methods, see Deprecated API methods.

Credentials refer to:

Certificates — These identify a person or company that owns a device, app, website, etc. The certificate includes the public key used to encrypt data, and the signature of the authority that issued the certificate, so that the receiver can verify that the certificate is valid.
Private Keys — These are used to decrypt received data, for example, the signature on a certificate or private data received over a VPN.

Credentials need to be kept secret to prevent malicious parties from stealing identities and hijacking sensitive data.

To use an API, your device must support the SDK version in which the API was implemented or higher. To check the Knox SDK version that is supported on your device, you can use this API method. You can find the SDK version from which the API is supported in Javadoc. For example, the allowDeveloperMode() API method is available since MDM 5.0. If the value returned on your device is 5.0 or higher, you can successfully use the allowDeveloperMode() API method.

Yes, Google Play — along with Samsung Apps or private app stores — can be used to deploy Knox apps.

What is the Samsung Knox SDK?

What versions of Android support the Knox SDK?

How can I check if my device firmware is an engineering or commercial build?

What is a deprecated API method?

What kind of support is offered after an API is deprecated?

What are credentials?

Why do a few Knox SDK APIs not work on some devices?

Can Google Play used to deploy Knox apps?