Knox SDK 3.7.1
The Knox 3.7.1 platform introduces new features to provide broad support for operational technology teams in industrial sectors. New features include:
- Device Management for Independent Software Vendors (ISVs), who no longer need Device Admin (DA) permission to configure devices
- Peripheral Management for devices such as barcode readers, which can be integrated with a smartphone via USB or wirelessly
- Machine Learning Model Protection, to encrypt ML data on the device and control access to the data
As with past releases, new Knox features are offered through one of the following:
- Knox Service Plugin (KSP), which provides new features on the day of release to IT admins using UEM solutions; for the latest features offered through KSP, browse the release notes
- Knox SDK, to provide more powerful programmatic and integrated control to developers creating app solutions
- Knox platform, which is factory-installed on Samsung Knox devices
Read on to find out more about the new features.
Independent Software Vendor APIs
With this release, there are new APIs geared more for Independent Software Vendors than for the traditional Mobile Device Management (MDM) vendors.
To use these ISV APIs, an app does not need the following:
Device Admin permission — MDM apps need the permission
android.permission.BIND_DEVICE_ADMINfor more powerful system-level control over a device, which device users can opt not to grant. Google has deprecated the Device Admin (DA) mode of device management. Although apps can continue to use the permission, Google no longer recommends it. An ISV app needs only the permissions for features it uses. For details, see ISV Permissions and Declare Knox permissions.
Knox license — Corporate managed devices don’t need to activate a Knox license to use the new ISV APIs. More specifically, license activation is not needed for the Device Owner (DO) or Profile Owner (PO) on a company-owned device. License activation is still needed for BYOD deployments. For more about these deployments, see Device management modes.
Network connection — Since ISV apps on corporate devices no longer need a license, there’s no need to validate the license with a cloud-based or on-prem license server, making ISV apps suitable for offline deployments.
The new Knox 3.7.1 features, which use this ISV model, have API packages in the.knox.ex (extension) namespace:
Device Management — com.samsung.android.knox.ex
Peripheral Management — com.samsung.android.knox.ex.peripheral
Machine Learning Model Protection — com.samsung.android.knox.ex.knoxAI
For information about existing ISV features that do still need Device Admin permission, see Independent Software Vendors (DA).
Device Management for ISVs
You can now configure mobile devices without needing DA permission. This release introduces new ISV APIs to ease the setup of the following device features:
Device — Force device to boot up when power is applied, set the screen timeout, control screen auto-rotation, set the audio volume.
Settings — Enable touch sensitivity, map a hardware key to an app, set screen brightness, set the default language, set the input method, turn power saving on and off.
Networks — Turn on or off Wi-Fi or NFC; connect with a Wi-Fi access point.
Apps — Grant app permission to access USB device, add app for battery optimization, remove a digital assistant app.
Date and time — Set the device date and time manually; enable automatic time setting; select 12 or 24 hour time format.
Font — Get the supported font sizes, set the font size.
In addition to managing mobile devices, you can use the Knox SDK to manage peripherals that are connected to or integrated with devices. Specifically, you can remotely and centrally automate the setup, monitoring, diagnostics, and control of peripherals in distributed locations. Through peripherals such as barcode readers, you can also collect business and operational data for wide-ranging applications in sectors such as manufacturing, inventory, transportation, and retail.
With the Knox SDK, you can fully configure and manage both mobile devices and connected peripherals at the same time, easing development, testing, deployment, and later updates. The available peripheral features depends on the peripheral, but can include the following:
- Get available peripherals, peripheral info, connection profile, configuration.
- Configure connection profile, peripheral.
- Register listeners for barcode data, plugin info, peripheral info, peripheral state.
- Enable, disable, start, stop peripheral.
- Get stored data, clear memory.
Peripheral info can include the following:
Peripheral: Type, manufacturer, model, name, serial number.
Peripheral status: State, battery level, usage count, firmware update status.
Vendor plugin: Vendor, name, package name, service name, version.
Barcode: Type (1D, 2D), symbology (UPC, Code 39, EAN, and so on), options (start/stop characters, check digits, concatenation, and so on), process mode (store, wedge).
Barcode options: Clear (first, last, all), reset (all data, system time), sync (system time).
Connection: Type (Bluetooth, USB, internal), profile, state.
Error types: Framework, peripheral, plugin errors.
Machine Learning Model Protection
Knox offers a Neural Model Encryption feature for customers to easily deploy their AI/ML Models on the mobile device while leveraging Samsung Knox’s defense grade security. This feature ensures that plain ML model is never stored on the device. The processing for an encrypted model is separate to that of an unencrypted model, and this separation provides model isolation for customers of Knox for Model Protection.
Along with the encryption of ML files, Knox for Model Protection provides access control over the application packages that can load the encrypted model. For details, see Machine Learning/Neural Model encryption, APIs, and Deployment.
For more information
To learn more about the Knox SDK, check out these resources:
Is this page helpful?
Thank you for your feedback!