
Knox SDK 3.7 release notes

Last updated March 6th, 2024

September 2020 — Early Access Test

The Knox 3.7 platform introduces these new features:

  • Work profile on company-owned devices
  • Device owner with app separation
  • Lock screen enhancements
  • Deep Settings customization
  • Bug fixes and feature enhancements

As with past releases, new features are offered through the:

  • Knox Service Plugin (KSP), which provides new features on the day of release to IT admins using UEM solutions supporting KSP

  • Knox SDK, which provides more powerful programmatic and integrated control to developers creating app solutions

  • Knox platform, which is factory-installed on Samsung Knox devices

Read on to find out more about how you can benefit from the new features.

Work profile on company-owned devices

Google’s Android 11 release:

To migrate to the new work profile on company-owned devices, see:

  • Work profile on company-owned devices — Describes what’s changing and how existing fully managed devices with work profiles will migrate during an Android 11 upgrade.

  • Prepare Knox for Android 11 — Describes what happens with KSP, VPNs, NPA, firewalls, global proxies, Samsung Email, SDP, Audit Logs, DualDAR, UCM, and E-FOTA with an upgrade to Android 11, and what to do to migrate successfully. Also describes

  • Knox APIs in the personal profile — Lists the Knox APIs that can still be called on the personal profile of a company-owned device running Android 11.

For personal profile management, the profile owner of a work profile on company-owned devices must first create a parent instance before calling a Knox policy. Use either of the following new API methods:

To call the new API methods:

EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
ApplicationPolicy obj = edm.getApplicationPolicy();
// Call Knox policy for parent

EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
AdvancedRestrictionPolicy obj = ekm.getAdvancedRestrictionPolicy();
// Call Knox policy for parent

Device owner with app separation

There are some limitations with the new work profile on company-owned devices. For example, customers might want:

  • Password reset on the device
  • Mobile Threat Defense solution in user0
  • General visibility and control of DNS filtering, APN, and so on

Enterprises can migrate to a new Samsung-exclusive mode — device owner with app separation. In this mode, the enterprise continues to have full visibility and control over their company-owned devices with work apps separated through a lightweight container.

Set up this new mode through the Knox Service Plugin (release at end of September).

Lock screen enhancements

This release offers several customer-requested enhancements to the lock screen:

| Feature | Issue | Enhancement |
|---|---|---|
| Admin lock on Knox license expiry | When a license expires, the device or the profile is immediately admin locked from a security and management point of view. | The users can use the existing device or profile under the policies. |
| Admin lock on maximum failed passwords | The device is admin locked when a user fails 5 times (assuming the maximum failed password count is 5). | The profile (PO) will be admin locked or wiped instead of device locked when the user fails 5 times. |
| Face unlock for work profile | Lack of face unlock to open a work profile. | Face authentication allowed for profile owner. There will be a new API to enable or disable this feature. |
| Advanced access control for work profile | When a work profile is unlocked, unauthorized people can easily access the data inside the profile at any time. | When a non-registered user (who is not the owner) is detected, the profile is locked automatically based on face authentication. There will be a new API to enable or disable this feature. |

Deep Settings customization

This release expands the list of deep settings introduced with Knox 3.4. The following Settings options can now be configured through the Knox Service Plugin.

| Setting | Description |
|---|---|
| Hardware key remapping | Ruggedized devices such as the XCover Pro expand their key remapping capabilities, supporting: Keys (Xcover, Top, Side, Hook (ear-set) key); Events (short press, long press, and double press); Actions (App launch, Activity launch). |
| Side Key setting | The new Side key, which combines the Power and Bixby keys, can now be enabled or disabled in the Settings. |
| APN change disabling | APN can now be disabled or grayed out in the Settings. |
| Dual SIM management | Devices with dual SIMs can now configure preferred SIM cards for each call, SMS, and data. While the SIM manager is configured through deep settings, the e-sim menu will be disabled automatically. |

Each KSP release introduces additional deep settings so you are encouraged to browse the KSP release notes or KSP policy schema for all the latest capabilities.

Bug fixes and feature enhancements

The release fixes the following customer-reported bugs:

| Bug | Issue | Fix |
|---|---|---|
| Ownership transfer for DPM | In the case of a profile owner, a work profile is removed when an IT admin tries to transfer ownership using the DPM.transferOwnership API. | Ownership migration is now supported. |
| Filter data traffic for tethering using Firewall | Samsung devices provide an enhanced Knox firewall, but the policy does not affect tethered devices such as laptops and tablets. | The Knox firewall policy now includes tethered devices. |
| Ultra-wideband control | UWB was introduced with the Galaxy Note20 but IT admins could not control it. | There will be a new Knox API to enable and disable UWB. |


For more information

To learn more about the Knox SDK, check out these resources:
