Knox SDK 3.4.1
Samsung Knox SDK version 3.4.1 extends our device manageability capabilities, optimizes existing features, and further harmonizes Knox with Android Enterprise.
Remote Support Enhancements
With this release, you can now:
enable remote support to work inside a work profile, as this restriction has been removed
remotely view and control the Samsung DeX screen
use the Knox Service Plugin to enable or disable remote support, using AllowRemoteSupport
Find My Mobile Unlock
Previously, a device locked by IT policy could be unlocked by the end user using the Find My Mobile unlock function.
For better security, devices that have password policies such as password quality applied by an IT admin cannot be unlocked through Find My Mobile.
Android Enterprise Harmonization
We are continuing to harmonize our Knox Platform for Enterprise (KPE) with Android Enterprise (AE), with this change in Knox 3.4.1:
- Workspace name replaced with Work — The KPE Workspace container has been harmonized with the AE Work Profile. Accordingly, on the device UI, the Personal and Workspace tabs have been renamed Personal and Work.
We have deprecated KPE features that are not being used, according to our extensive analytics. This is to streamline our operations and allow us to focus more on delivering newly requested features and less on maintaining low usage features. If you are using any of these features, which are described below, please review your solutions to see if you can remove or replace the features.
Which low-use features are being deprecated?
Samsung Single Sign On (Kerberos) — Samsung SSO enables Samsung devices to authenticate users against an Active Directory (AD) infrastructure using the well-known Integrated Windows Authentication (IWA) with Negotiate (using MIT Kerberos V5). Due to low usage, however, we are deprecating this SSO feature. If you are using Samsung SSO, try exploring other SSO solutions like Azure AD.
Knox container unlock using AD — With AD Containers, IT admins can enable corporate AD credentials to unlock the Knox Workspace container on a mobile device. Due to very low usage, this feature is also being deprecated.
Knox Shared Device — Knox Shared Device enables several enterprise employees to use the same device, without divulging individual settings, accounts, apps, or policies. Currently, you can enable this feature only through Knox Configure. With Google now offering Managed guest session devices, we are deprecating the Knox Shared Device.
Knox Cloud SDK — The Knox Cloud SDK enables you to configure Samsung devices through web-based REST API calls. Again, due to very low usage, we are deprecating this feature. Instead, you can use the more powerful, up-to-date, and device-based Knox SDK or Knox Service Plugin.
Also, this feature is not longer available due to security reasons:
- Install apps — Previously, end users could move an app from the Personal space to the Work space (managed profile), through the Work space settings Install apps menu option, which is enabled through the API method RCPPolicy.allowMoveAppsToContainer. As customers have raised concerns about the security of unmanaged apps, we have removed the menu option and API. Now, if you need to install apps into the Work space, you need to use either Google Play or the API InstallApplication.
What is the deprecation timeline?
If you have new devices with Android Q (Android 10), you will not be able to use these features anymore.
If you have devices with Android P (Android 9) or earlier, you can still use these features. Details are as follows:
Samsung SSO (Kerberos) and AD container — You can still use these features after a Q OS upgrade. But the features will not be available in Android R.
Knox Shared Device — Shared Device has been enabled only through Knox Configure (KC). Shared Device will be unavailable from Android Q onwards, and cannot be enabled by Knox Configure. However, if you are already using Shared Device, you can still use it after a Q OS upgrade, but you can use Knox Configure only to disable it. The Knox Configure console will show the supported OS version for Shared Device, and provide Shared Device only for the devices which have supported OS.
Knox Cloud SDK — This will not be supported on Android Q devices. Additionally, on:
February 26, 2020 — We will be ending support for Cloud SDK across all devices. That is to say, users will no longer be able to create or edit existing Cloud SDK profiles after this date. Users will also not be able to assign an existing Cloud SDK profile to a new device.
May 27, 2020 — Existing Cloud SDK devices that have been factory reset will no longer be able to be enrolled via the Cloud SDK.
To improve SDK usability and maintainability, we have continued to deprecate APIs that are not being used, as per our API usage analytics.
Below are the API classes that have some deprecated APIs. Note though that not all APIs in these classes are deprecated. For a complete list of the API methods that have been deprecated, see Deprecated API methods.
- Device management — PasswordPolicy, APMPolicy, DeviceInventory
- Networking — BluetoothSecurePolicy
- App management — ApplicationPolicy
- Email management — LDAPAccountPolicy
- Data protection — DLPManagerPolicy
- Keystore and certificate management — EnterpriseCertEnrollPolicy
- Knox workspace — KnoxContainerManager, ContainerConfigurationPolicy, SEAMSPolicy, RCPPolicy
- Customization — SystemManager, SettingsManager
The API reference also indicates which classes and methods are deprecated with the note, Deprecated in API level 30.
Old SDK namespace no longer supported — As mentioned in our June 13 blog post, new Samsung devices running the Android 10 (Q) operating system no longer support our old SDK namespace. For info about migrating apps from the old to new SDKs and namespaces, see the migration intro.
Apps must handle runtime permissions — As mentioned in our May 28 blog post, apps must now handle dangerous permissions in runtime as Android 10 (Q) no longer supports the workaround that we had introduced in Android 6 (M).
For more information
To learn more about the Knox SDK, check out these resources:
Is this page helpful?
Thank you for your feedback!