Public Safety LTE (PS LTE) Network


Knox 3.4 introduces support for Critical Communications, such as those over the Public Safety LTE (PS LTE) network. PS LTE is a vital service that allows emergency workers direct access to a reserved LTE network. This ensures that various emergency services are always able to communicate effectively at all times.

With Knox 3.4, you can configure the following for select pre-approved devices:

  • PS-LTE network
  • PS-LTE device
  • Mission Critical Push to Talk (MCPTT) solutions


The KPCC capabilities work only with:

  • Pre-approved PS LTE Emergency Service Network devices, running Knox 3.4 or higher.
    • Currently, this includes only the Samsung SM-G889F device.
    • Samsung provides the Knox API support on the device before purchase.
  • A new KPCC license key providing the permissions required to use the KPCC APIs

Supported mode: Work Managed Device (DO)

Knox 3.4 APIs

API Description Use case

Whitelist apps for the PS LTE network. Each individual app that needs access a restricted network must be set with this API.

You must define the app package, and the desired restricted network.

Give emergency services apps priority access to the PS LTE network.

For example, whitelist an internal police app to ensure that it maintains its connection to a network when public mobile bands are over loaded during an emergency.

setHardKeyIntentState Change the actions taken when hardware buttons on the side of a device are pressed. For example, pressing the volume up button launch the dialer, instead of modifying the device volume.


Once this API is set, pressing the power button preforms a "soft power cycle" rather than a "hard power cycle"

In times of emergencies, emergency services may require there to be no indication that the device is ON while continuing to transmit audio to a remote listener.

When establishing the Ambient listening call, when the device user powers off the device, the device simulates a shutdown sequence without actually powering off.


Use this API to change the default LTE Discontinuous Reception (DRX) value on a device.

You can set values lower (320 ms) or higher (2560 ms)

DRX values determine how often a device connects to the network to download packets. A higher DRX value means a device is checking less for packets per hour. A lower DRX value means a device is checking more packets per hour.


During emergencies, access to power can be limited. Help emergency services extend the battery life of their mobile device to maintain connection to a network for a longer period of time.

Extend the battery life of a mobile device with higher DRX values. Devices with higher DRX values don't connect to a network as often, which preserves the device's battery power.


This method gets the DRX value in the Telephony (RIL).

Note that the value returned may or may not be the same value set by setDrxValue() or getDrxValue.

While some DRX values may not be supported by the network, adding a Telephony layer can enable network compatibility.


This example uses allowRestrictedNetworkCapability() to add the Samsung Browser to a restricted network whitelist.

  1. Get a KPCC license key . Make sure you have activated your Knox SDK license in your app.
  2. In your AndroidManifest.xml file, declare the necessary permissions to access the desired Samsung APIs. For more information, read more about Declaring permissions in your manifest file.
  3. Use the following code snippet to whitelist an app to a restricted network.
    1. Create the EnterpriseDeviceManager object
    2. Access the KPCCManager class using the getKPCCManager method
    3. Call allowRestrictedNetworkCapability()
    4. Enter the required account settings:
      1. State: Allow access to the service by setting the state to ON
      2. Package name: insert the Samsung email package name
      3. Restricted network name: Enter the name of the restricted network you are allowing access to, for example:NetworkCapabilities.NET_CAPABILITY_CBS.

  4. try {
     EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
     KPCCManager kpcc = edm.getKPCCManager();
     kpcc.allowRestrictedNetworkCapability(KPCCManager.ON, "", NetworkCapabilities.NET_CAPABILITY_CBS);
    } catch (SecurityException e) {
     Log.w(TAG, "SecurityException:" + e);