Knox SDK 3.0 release notes
Last updated March 6th, 2024
January 2018
This Samsung Knox SDK v3.0 release provides significant improvements to the developer experience as well as powerful new features, which are described below.
Samsung Knox SDK
The new Samsung Knox SDK combines, refactors, and enhances these Samsung Knox SDKs:
- Knox Standard
- Knox Premium
- Knox Customization
- Knox ISV
There is now only Samsung Knox SDK package to download, one JAR library to import, one API reference to search for API methods, and one Developer Guide describing how to use the SDK features. This new SDK also consolidates the following:
-
Version — As the merged SDKs had different SDK version numbers, the new Knox SDK uses a single 3.0 version number and Knox API level 24. The Knox API level is similar to the Android API level. Each Knox SDK version has been mapped to this Knox API level. To find the API level supported by a device, call the API method EnterpriseDeviceManager.getApiLevel. In the device Settings > Device > Software Info, the Knox version now shows this Knox API level.
-
Namespace — All Samsung Knox SDK packages, intents, and permissions now use this namespace:
com.samsung.android.knox
. Previously, there were multiple namespaces, including one in the Google domain (android.app.enterprise
). Unifying the namespace simplifies coding, troubleshooting, and support, and removes the possibility of future overlaps with Google. -
Structure — API methods have been re-organized for better discoverability and renamed for consistency. The API methods that were in the generic class called
MiscPolicy
have been moved into more appropriate classes. Some classes have been renamed. For example,Attestation
is now calledAttestationPolicy
for more consistency with other class names. -
Deprecation — In the new consolidated Knox SDK, we have removed API methods that were already deprecated in the legacy Knox Standard, Premium, Customization, and ISV SDKs. We’ve also removed API methods that were duplicated across legacy SDKs or not being used as indicated by our analytics. This was to streamline the new Knox SDK and ease usability moving forward. The Knox 3.0 platform installed on devices still supports these deprecated API methods. However, we discourage using these API methods as we will likely remove support for them in the near future. For a list of the deprecated API methods, see the Samsung Knox SDK Migration Guide.
For more about updating namespaces and replacing deprecated API methods for this new consolidated Knox SDK, see the Samsung Knox SDK Migration Guide and Knox SDK Sample Apps.
Knox Platform for Enterprise (KPE) license key
Knox 3.0 uses a Beta version of a new consolidated Knox Platform for Enterprise (KPE) license key, which is designed to replace the following licenses.
-
ELM — Enterprise License Management. This license gives developers access to the enterprise-grade Knox Standard SDK.
-
ISV — Independent Software Vendor. This license gives developers access to basic security features in the Knox ISV SDK.
-
KLM — Knox License Management. This license gives developers access to paid features in the Knox Premium and Knox Customization SDKs.
There 2 types of Samsung License:
-
Development — Gives you access to all features in the Knox SDK, but only on a limited number of devices and for a limited time period. This is meant for testing purposes only. You can get this Development license through the SEAP portal.
-
Commercial — When you are ready to release an app on many devices for a longer time period, you use a Commercial license. If your app uses:
-
only free features (in other words, those that were in the Knox Standard and ISV SDKs) — You can generate a Commercial Knox Platform for Enterprise (KPE) license key from the SEAP Portal.
-
paid features (that were in Knox Premium and Knox Customization SDKs) — An authorized Knox Reseller or EMM Vendor buys Commercial licenses from the Global Samsung Business Network (GSBN). They do so on behalf of each enterprise customer so that license activations can be tracked and billed separately.
-
Knox 3.0 also introduces Android-style permission declaration. You can optionally declare at a granular level the permissions that your app needs to call API methods in the Knox SDK. This is to tighten security, by limiting what an app can do. To use this new permissions model, update your Android manifest file (AndroidManifest.xml)
to include these tags:
<meta-data
— to enable Knox selective permissions`- For example —
<meta-data android:name="com.samsung.knoxlicensing.permissions" android:value="true"/
- not required for KPE. Optional for ELM & KLM.
- For example —
<uses-permission
— to declare each permission used by the app`- for example —
<uses-permission android:name="com.samsung.android.knox.premission.KNOX_HW_CONTROL"/
- for example —
Here is a sample manifest file:
To find out which permission is needed by an API method, see the Knox SDK API reference. For example, the com.samsung.android.knox.permission.KNOX_CONTAINER
permission can be found in createContainer
.
See also:
-
License Keys — to generate a license and see what permissions (free or paid) you get with the license
-
Knox licenses — for more about the new Knox Platform for Enterprise (KPE) license key
New Knox Workspace container architecture
We’ve updated the Knox Platform for Enterprise solution with a new Workspace container architecture to enhance user experience.
- Knox APIs can now control Android Work profiles.
- Android Work Profiles can easily be upgraded to Knox Workspace without wiping your device.
As part of this change, customers can leverage Knox features and APIs on Android’s Work Profile and Work Managed Device modes. The:
- Profile Owner can activate a Knox License and leverage Knox features on Android Work Profile
- Device Owner can activate a Knox License and leverage Knox features on Android Work Managed Device
For an example of how to apply a Knox license to a work profile, see this Tutorial.
Network Platform Analytics
This feature enables the real-time monitoring of a network flow behaviours without granting access to all network data. Using NPA has much better privacy claims than using VPN or proxy technology alternatives to analyse traffic. In addition, NPA can provide more granular data than VPN or web proxy solutions. Management apps, such as MDM clients, can call NPA APIs to register a network analyser to collect metadata about network data flows. Once registered, the analyser then receives flow details that allow the app to analyse network patterns without exposing the analyser to sensitive network data such as plaintext passwords, business documents, or employee communications.
Knox 3.0 introduces these new features:
- Full IPv6 support
- DNS lookups are now associated with the app that requested them
- Parent process hash is now included in the netflow data
For more about network data collection, see EnterpriseKnoxManager.getNetworkAnalytics and KnoxContainerManager.getNetworkAnalytics. For more about the data that can be collected, see NetworkAnalytics and NetworkAnalyticsConstants.
For more about network data collection, see EnterpriseKnoxManager.getNetworkAnalytics and KnoxContainerManager.getNetworkAnalytics. For more about the data that can be collected, see NetworkAnalytics and NetworkAnalyticsConstants.
Device Customization
The Knox SDK lets Systems Integrators develop an Android app that restricts what users can do on a device. You can configure new features as they release on new Samsung devices and Android versions. This is designed for System Integrators who need an extra level of configurability on the Samsung Android platform.
With Version 3.0 of the Knox SDK, you can configure features in the Android 8.0 Oreo release:
-
Hard key remapping (setHardKeyIntentState, getHardKeyIntentState) — Controls whether or not the pressing of a particular hard key (power, volume up, volume down, home, back, menu) broadcasts an intent, which can be handled by the registered broadcast receivers. This feature was previously supported only in ProKiosk mode, through the API package
com.samsung.android.knox.custom.ProKioskManager
, but is now also available outside of ProKiosk mode, throughcom.samsung.android.knox.custom.SystemManager.
-
Home screen mode (setHomeScreenMode, getHomeScreenMode) — Selects whether a device supports:
-
Home screen only — The home screen is the only place where you can launch apps, and can’t be deleted unless there are no app shortcuts on it.
-
Home screen with separate app launcher screens — The home screen page can be deleted because the app launcher screens also display all app shortcuts that are on the home screen.
-
Deprecated API Methods
The following API methods have been deprecated in this release:
API Class | Deprecated API Method | Reason |
---|---|---|
SettingsManager |
set/getBluetoothVisibilityTimeout setUnknownSourcesState setWifiNetworkNotificationState |
Outdated feature |
SystemManager | copyAdbLog set/getBootAnimation set/getCheckCoverPopupState set/getShutdownAnimation set/getWifiConnectedMessageState |
Outdated feature |
The following API methods will be deprecated from the Knox SDK within a year. Please prepare to stop using these as well.
API Class | To be deprecated | Reason |
---|---|---|
AdvancedRestrictionPolicy | enableODETrustedBootVerification isODETrustedBootVerificationEnabled |
Overlap with Android APIs |
RestrictionPolicy | enableWearablePolicy isWearablePolicyEnabled |
Low usage |
SettingsManager | set/getBackupRestoreState set/getChargingLEDState set/getLTESettingState set/getWifiFrequencyBand |
Low usage |
SystemManager | getToastGravityXOffset getToastGravityYOffset sendDtmfTone set/getInfraredState set/getToastGravity set/getToastGravityEnabledState set/getToastShowPackageNameState set/getVolumeButtonRotationState |
Low usage |
Also note the following:
-
Consolidated (One) SDK — API methods were deprecated due to redundancy across SDKs or low usage. For a full list of these API methods, see the Samsung Knox SDK Migration Guide.
-
Unification — API methods were deprecated due to overlap with Android Enterprise.
For more information
To learn more about the Knox SDK, check out these resources:
- Samsung Knox SDK landing page
- Samsung Knox SDK FAQs
- Samsung Knox SDK Sample Apps
- Samsung Knox SDK API reference
- Samsung Knox SDK Developer Guides
On this page
Is this page helpful?