Knox SDK 3.7
September 2020 — Early Access Test
The Knox 3.7 platform introduces these new features:
- Work profile on company-owned devices
- Device owner with app separation
- Lock screen enhancements
- Deep Settings customization
- Bug fixes and feature enhancements
As with past releases, new features are offered through either the:
Knox Service Plugin (KSP), which provides new features on the day of release to IT admins using UEM solutions supporting KSP, or
Knox SDK, to provide more powerful programmatic and integrated control to developers creating app solutions
Knox platform, which is factory-installed on Samsung Knox devices
Read on to find out more about how you can benefit from the new features.
Work profile on company-owned devices
Google’s Android 11 release:
deprecates the fully managed device with a work profile, to protect user privacy on company devices that enable personal usage.
provides a new work profile on company-owned devices, which limits company management of the personal profile.
To migrate to the new work profile on company-owned devices, see:
Work profile on company-owned devices — Describes what’s changing and how existing fully managed devices with work profiles will migrate during an Android 11 upgrade.
Prepare Knox for Android 11 — Describes what happens with KSP, VPNs, NPA, firewalls, global proxies, Samsung Email, SDP, Audit Logs, DualDAR, UCM, and E-FOTA with an upgrade to Android 11, and what to do to migrate successfully. Also describes
Knox APIs in the personal profile — Lists the Knox APIs that can still be called on the personal profile of a company-owned device running Android 11.
For personal profile management, the profile owner of a work profile on company-owned devices must first create a parent instance before calling a Knox policy. Use either of the following new API methods:
To call the new API methods:
EnterpriseDeviceManager.getParentInstance(Context); EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context); ApplicationPolicy obj = edm.getApplicationPolicy(); // Call Knox policy for parent EnterpriseKnoxManager.getParentInstance(Context); EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context); AdvancedRestrictionPolicy obj = ekm.getAdvancedRestrictionPolicy(); // Call Knox policy for parent
Only work profiles on company-owned devices can call getParentInstance, otherwise an exception will be thrown.
Only allowed Knox policies for the personal profile can be called, otherwise an exception will be thrown.
Device owner with app separation
There are some limitations with the new work profile on company-owned devices. For example, customers might want:
- Password reset on the device
- Mobile Threat Defense solution in user0
- General visibility and control of DNS filtering, APN, and so on
Enterprises can migrate to a new Samsung-exclusive mode — device owner with app separation. In this mode, the enterprise continues to have full visibility and control over their company-owned devices with work apps separated through a lightweight container.
Set up this new mode through the Knox Service Plugin (release at end of September).
Lock screen enhancements
This release offers several customer-requested enhancements to the lock screen:
|Admin lock on Knox license expiry||When a license is expires, the device or the profile is immediately admin locked from a security and management point of view.||
The users can use the existing device or profile under the policies.
|Admin lock on maximum failed passwords||The device is admin locked when a user fails 5 times (assuming the maximum failed password count is 5).||The profile (PO) will be admin locked or wiped instead of device locked when user fails 5 times.|
|Face unlock for work profile||Lack of face unlock to open a work profile.||Face authentication allowed for profile owner. There will be a new API to enable or disable this feature.|
|Advanced access control for work profile||When a work profile is unlocked, unauthorized people can easily access the data inside the profile at any time.||When a non-registered user (who is not the owner) is detected, the profile is locked automatically base on face authentication. There will be a new API to enable or disable this feature.|
Deep Settings customization
This release expands the list of deep settings introduced with Knox 3.4, delivering options to configure the following Settings options through the Knox Service Plugin.
|Hardware key remapping||
Ruggedized devices such as the XCover Pro expand their key remapping capabilities, supporting:
|Side Key setting||The new Side key, which combines the Power and Bixby keys, can now be enabled or disabled in the Settings.|
|APN change disabling||APN can now be disabled or grayed out in the Settings.|
|Dual SIM management||Devices with dual SIMs can now configure preferred SIM cards for each call, SMS, and data. While the SIM manager is configured through deep settings, the e-sim menu will be disabled automatically.|
Bug fixes and feature enhancements
The release fixes the following customer-reported bugs:
|Ownership transfer for DPM||In the case of a profile owner, a work profile is removed when an IT admin tries to transfer ownership using the API DPM.transferOwnership API.||Ownership migration is now supported|
|Filter data traffic for tethering using Firewall||Samsung devices provide an enhance Knox firewall, but the policy does not affect tethered devices such as laptops and tablets.||The Knox firewall policy now includes tethered devices.|
|Ultra-wideband control||UWB was introduced with the Galaxy Note20 but IT admins could not control it.||There will be a new Knox API to enable and disable UWB.|
ActivationInfo — New API class that provides information about license activations: activation date, masked license key, package name, and state.
KnoxEnterpriseLicenseManager.getLicenseActivationInfo — New API method that gets ActivationInfo from the calling package.
DualDARPolicy.KEY_CONFIG_CLIENT_LOCATION — String parameter used to set a DualDAR client app’s storage location during container creation time.
For more information
To learn more about the Knox SDK, check out these resources:
Is this page helpful?
Thank you for your feedback!