Menu

Support old devices

This section shows you the steps required support older Samsung devices running Knox v2.7 or earlier.

The Knox SDK landing page provides a downloadable library called supportlib.jar, which provides backwards compatibility with these older devices, which don’t recognize the new namespace used by the Knox SDK v3.x. As described in the last step, Update your app, you can include the supportlib.jar at run-time, to translate the new namespace used by the Knox SDK v3.x to the old namespace recognized by the older devices.

Define the old intents in the Manifest

Since supportlib.jar is added only for run-time scope and not used in compilation, you need to declare all the old intents in your app’s Android manifest file.

Simply copy and paste the following code into your manifest.

<receiver android:name="com.samsung.android.knox.IntentConverterReceiver" >
    <intent-filter>
        <action android:name="edm.intent.application.action.prevent.start" />
        <action android:name="edm.intent.application.action.prevent.stop" />
        <action android:name="edm.intent.action.ldap.createacct.result" />
        <action android:name="edm.intent.action.device.inside" />
        <action android:name="edm.intent.action.device.outside" />
        <action android:name="edm.intent.action.device.location.unavailable" />
        <action android:name="com.samsung.edm.intent.action.CERTIFICATE_REMOVED" />
        <action android:name="edm.intent.certificate.action.certificate.failure" />
        <action android:name="com.samsung.edm.intent.action.APPLICATION_FOCUS_CHANGE" />
        <action android:name="edm.intent.action.EMAIL_ACCOUNT_ADD_RESULT" />
        <action android:name="edm.intent.action.EMAIL_ACCOUNT_DELETE_RESULT" />
        <action android:name="com.sec.enterprise.intent.action.BLOCKED_DOMAIN" />
        <action android:name="com.sec.enterprise.intent.action.UPDATE_FOTA_VERSION_RESULT" />
        <action android:name="com.samsung.edm.intent.action.EXCHANGE_CBA_INSTALL_STATUS" />
        <action android:name="android.intent.action.sec.CBA_INSTALL_STATUS" />
        <action android:name="edm.intent.action.EXCHANGE_ACCOUNT_ADD_RESULT" />
        <action android:name="edm.intent.action.EXCHANGE_ACCOUNT_DELETE_RESULT" />
        <action android:name="com.samsung.edm.intent.action.ENFORCE_SMIME_ALIAS_RESULT" />
        <action android:name="edm.intent.action.knox_license.status" />
        <action android:name="edm.intent.action.license.status" />
        <action android:name="com.samsung.edm.intent.event.NTP_SERVER_UNREACHABLE" />
        <action android:name="edm.intent.action.enable.kiosk.mode.result" />
        <action android:name="edm.intent.action.disable.kiosk.mode.result" />
        <action android:name="edm.intent.action.unexpected.kiosk.behavior" />
        <action android:name="com.samsung.edm.intent.action.SIM_CARD_CHANGED" />
        <action android:name="android.intent.action.sec.SIM_CARD_CHANGED" />
        <action android:name="com.samsung.action.knox.certenroll.CEP_CERT_ENROLL_STATUS" />
        <action android:name="com.samsung.action.knox.certenroll.CEP_SERVICE_DISCONNECTED" />
        <action android:name="com.sec.enterprise.knox.intent.action.KNOX_ATTESTATION_RESULT" />
        <action android:name="com.sec.action.NO_USER_ACTIVITY" />
        <action android:name="com.sec.action.USER_ACTIVITY" />
        <action android:name="com.samsung.android.mdm.VPN_BIND_RESULT" />
    </intent-filter>
</receiver>

Protect intents converted in SupportLib

The new namespace intents will not be framework protected on old devices. That is, they will not be defined with the protected-broadcast tag in the framework’s manifest. Because of this, a malicious app can send new namespace intents on devices running a platform earlier than Knox 3.0.

Your app must guarantee the new namespace intent’s security by protecting receivers with a signature permission. To ensure the security of your app’s receivers, do the following:

  1. Define the new permission in app’s manifest.
  2. Declare permission usage.
  3. Protect static receivers with the created permission.
  4. Protect dynamic receivers in the app.
// App manifest file

// Define the new permission.
<permission
    android:name="com.example.supportlibclient.SUPPORT_PERMISSION" 
    android:label="Support permission" 
    android:protectionLevel="signature" />

// Declare permission usage.
<uses-permission 
    android:name="com.example.supportlibclient.SUPPORT_PERMISSION" />

<receiver
    android:name="com.example.supportlibclient.PreventStartReceiver" 
    android:permission="com.example.supportlibclient.SUPPORT_PERMISSION" >
    <intent-filter>
        // Protect static receivers.
        <action android:name="com.samsung.android.knox.intent.action.
PREVENT_APPLICATION_START" />
    </intent-filter>
</receiver>
// Protect dynamic receivers in the app.
IntentFilter filter = new IntentFilter(); 
filter.addAction(ApplicationPolicy.ACTION_PREVENT_APPLICATION_START); 
registerReceiver(mPreventStartPackageReceiver, filter,
"com.example.supportlibclient.SUPPORT_PERMISSION", null);

Review the deprecated methods

In the new consolidated Knox SDK, we have removed API methods that were already deprecated in the legacy Knox Standard, Premium, Customization, and ISV SDKs. We’ve also removed API methods that were duplicated across legacy SDKs or not being used as indicated by our analytics. This was to streamline the new Knox SDK and ease usability moving forward. The Knox 3.x platform installed on devices still supports these deprecated API methods. However, we discourage using these API methods as we will likely remove support for them in the near future. For a complete list of deprecated API methods, see Deprecated API methods.

One way to check for all deprecated methods is through an IDE’s analysis tools, for example, in Android Studio, through Analyze > Inspect Code.

Tutorial Progress

You are done the tutorial. Congratulations!