Since: API level 2
public class

WifiPolicy

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.net.wifi.WifiPolicy

Class Overview

This class provides APIs to configure Wi-Fi related settings and manage Wi-Fi profiles.

Since
API level 2
MDM 2.0

Summary

Constants
int SECURITY_LEVEL_EAP_AKA EAP-AKA Wi-Fi security level.
int SECURITY_LEVEL_EAP_AKA_CCKM Deprecated in API level 29
int SECURITY_LEVEL_EAP_AKA_FT Deprecated in API level 29
int SECURITY_LEVEL_EAP_AKA_PRIME EAP-AKA' Wi-Fi security level.
int SECURITY_LEVEL_EAP_AKA_PRIME_CCKM Deprecated in API level 29
int SECURITY_LEVEL_EAP_AKA_PRIME_FT Deprecated in API level 29
int SECURITY_LEVEL_EAP_FAST Deprecated in API level 30
int SECURITY_LEVEL_EAP_FAST_CCKM Deprecated in API level 29
int SECURITY_LEVEL_EAP_FAST_FT Deprecated in API level 29
int SECURITY_LEVEL_EAP_LEAP Deprecated in API level 30
int SECURITY_LEVEL_EAP_LEAP_CCKM Deprecated in API level 29
int SECURITY_LEVEL_EAP_LEAP_FT Deprecated in API level 29
int SECURITY_LEVEL_EAP_PEAP EAP-PEAP Wi-Fi security level.
int SECURITY_LEVEL_EAP_PEAP_CCKM Deprecated in API level 29
int SECURITY_LEVEL_EAP_PEAP_FT Deprecated in API level 29
int SECURITY_LEVEL_EAP_PWD EAP-PWD Wi-Fi security level.
int SECURITY_LEVEL_EAP_PWD_CCKM Deprecated in API level 29
int SECURITY_LEVEL_EAP_PWD_FT Deprecated in API level 29
int SECURITY_LEVEL_EAP_SIM EAP-SIM Wi-Fi security level.
int SECURITY_LEVEL_EAP_SIM_CCKM Deprecated in API level 29
int SECURITY_LEVEL_EAP_SIM_FT Deprecated in API level 29
int SECURITY_LEVEL_EAP_TLS EAP-TLS Wi-Fi security level.
int SECURITY_LEVEL_EAP_TLS_CCKM Deprecated in API level 29
int SECURITY_LEVEL_EAP_TLS_FT Deprecated in API level 29
int SECURITY_LEVEL_EAP_TTLS EAP-TTLS Wi-Fi security level.
int SECURITY_LEVEL_EAP_TTLS_CCKM Deprecated in API level 29
int SECURITY_LEVEL_EAP_TTLS_FT Deprecated in API level 29
int SECURITY_LEVEL_FT_PSK Deprecated in API level 29
int SECURITY_LEVEL_OPEN Open Wi-Fi security level.
int SECURITY_LEVEL_SAE SAE (WPA3 personal) Wi-Fi security level.
int SECURITY_LEVEL_WEP WEP Wi-Fi security level.
int SECURITY_LEVEL_WPA WPA/WPA2-PSK Wi-Fi security level.
String SECURITY_TYPE_OPEN Open security type.
String SECURITY_TYPE_SAE SAE security type.
String SECURITY_TYPE_WPA2_PSK WPA2 PSK security type.
String SECURITY_TYPE_WPA_PSK Deprecated in API level 27
Public Methods
boolean activateWifiSsidRestriction(boolean activate)
Deprecated in API level 35
boolean addBlockedNetwork(String ssid)
Deprecated in API level 33
NOTE: This API is not available since Android 13.
boolean addWifiSsidsToBlackList(List<String> ssid)
Deprecated in API level 35
boolean addWifiSsidsToWhiteList(List<String> ssid, boolean defaultBlackList)
Deprecated in API level 35
boolean addWifiSsidsToWhiteList(List<String> ssid)
Deprecated in API level 35
boolean allowOpenWifiAp(boolean allow)
Deprecated in API level 35
boolean allowWifiApSettingUserModification(boolean allow)
Deprecated in API level 35
boolean clearWifiSsidsFromBlackList()
Deprecated in API level 35
boolean clearWifiSsidsFromList()
Deprecated in API level 35
boolean clearWifiSsidsFromWhiteList()
Deprecated in API level 35
boolean getAllowUserPolicyChanges()
Deprecated in API level 35
boolean getAllowUserProfiles(boolean showMsg)
Deprecated in API level 35
boolean getAutomaticConnectionToWifi()
Deprecated in API level 35
List<String> getBlockedNetworks()
Deprecated in API level 33
int getMinimumRequiredSecurity()
Deprecated in API level 35
List<String> getNetworkSSIDList()
Deprecated in API level 35
boolean getPasswordHidden()
Deprecated in API level 35
boolean getPromptCredentialsEnabled()
Deprecated in API level 28
WifiConfiguration getWifiApSetting()
Deprecated in API level 35
WifiAdminProfile getWifiProfile(String ssid)
Deprecated in API level 35
List<WifiControlInfo> getWifiSsidsFromBlackLists()
Deprecated in API level 35
List<WifiControlInfo> getWifiSsidsFromWhiteLists()
Deprecated in API level 35
boolean isNetworkBlocked(String ssid, boolean showMsg)
Deprecated in API level 35
NOTE: This API is not available since Android 13.
boolean isOpenWifiApAllowed()
Deprecated in API level 35
boolean isWifiApSettingUserModificationAllowed()
Deprecated in API level 35
boolean isWifiSsidRestrictionActive()
Deprecated in API level 35
boolean isWifiStateChangeAllowed()
Deprecated in API level 35
boolean removeBlockedNetwork(String ssid)
Deprecated in API level 33
boolean removeNetworkConfiguration(String ssid)
Deprecated in API level 35
boolean removeWifiSsidsFromBlackList(List<String> ssid)
Deprecated in API level 35
boolean removeWifiSsidsFromWhiteList(List<String> ssid)
Deprecated in API level 35
boolean setAllowUserPolicyChanges(boolean enable)
Deprecated in API level 35
boolean setAllowUserProfiles(boolean enable)
Deprecated in API level 35
boolean setAutomaticConnectionToWifi(boolean enable)
Deprecated in API level 35
boolean setMinimumRequiredSecurity(int secType)
Deprecated in API level 35
boolean setPasswordHidden(boolean passHidden)
Deprecated in API level 35
boolean setPromptCredentialsEnabled(boolean enable)
Deprecated in API level 28
boolean setWifiApSetting(String ssid, String securityType, String password)
Deprecated in API level 35
boolean setWifiProfile(WifiAdminProfile profile)
Deprecated in API level 35
boolean setWifiStateChangeAllowed(boolean allow)
Deprecated in API level 35
[Expand]
Inherited Methods
From class java.lang.Object

Constants

public static final int SECURITY_LEVEL_EAP_AKA

Since: API level 17

EAP-AKA Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int) .

Since
API level 17
MDM 5.5
Constant Value: 25 (0x00000019)

public static final int SECURITY_LEVEL_EAP_AKA_CCKM

Since: API level 17

Deprecated in API level 29

EAP-AKA-CCKM Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 27 (0x0000001b)

public static final int SECURITY_LEVEL_EAP_AKA_FT

Since: API level 17

Deprecated in API level 29

EAP-AKA-FT Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 26 (0x0000001a)

public static final int SECURITY_LEVEL_EAP_AKA_PRIME

Since: API level 17

EAP-AKA' Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int) .

Since
API level 17
MDM 5.5
Constant Value: 28 (0x0000001c)

public static final int SECURITY_LEVEL_EAP_AKA_PRIME_CCKM

Since: API level 17

Deprecated in API level 29

EAP-AKA'-CCKM Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 30 (0x0000001e)

public static final int SECURITY_LEVEL_EAP_AKA_PRIME_FT

Since: API level 17

Deprecated in API level 29

EAP-AKA'-FT Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 29 (0x0000001d)

public static final int SECURITY_LEVEL_EAP_FAST

Since: API level 2

Deprecated in API level 30

EAP-FAST Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int) .

Since
API level 2
MDM 2.0
Constant Value: 4 (0x00000004)

public static final int SECURITY_LEVEL_EAP_FAST_CCKM

Since: API level 17

Deprecated in API level 29

EAP-FAST-CCKM Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 18 (0x00000012)

public static final int SECURITY_LEVEL_EAP_FAST_FT

Since: API level 17

Deprecated in API level 29

EAP-FAST-FT Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 17 (0x00000011)

public static final int SECURITY_LEVEL_EAP_LEAP

Since: API level 2

Deprecated in API level 30

EAP-LEAP Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int) .

Since
API level 2
MDM 2.0
Constant Value: 3 (0x00000003)

public static final int SECURITY_LEVEL_EAP_LEAP_CCKM

Since: API level 17

Deprecated in API level 29

EAP-LEAP-CCKM Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 16 (0x00000010)

public static final int SECURITY_LEVEL_EAP_LEAP_FT

Since: API level 17

Deprecated in API level 29

EAP-LEAP-FT Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 15 (0x0000000f)

public static final int SECURITY_LEVEL_EAP_PEAP

Since: API level 2

EAP-PEAP Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int) .

Since
API level 2
MDM 2.0
Constant Value: 5 (0x00000005)

public static final int SECURITY_LEVEL_EAP_PEAP_CCKM

Since: API level 15

Deprecated in API level 29

EAP-PEAP-CCKM Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 15
MDM 5.4
Constant Value: 10 (0x0000000a)

public static final int SECURITY_LEVEL_EAP_PEAP_FT

Since: API level 15

Deprecated in API level 29

EAP-PEAP-FT Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 15
MDM 5.4
Constant Value: 9 (0x00000009)

public static final int SECURITY_LEVEL_EAP_PWD

Since: API level 17

EAP-PWD Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int) .

Since
API level 17
MDM 5.5
Constant Value: 19 (0x00000013)

public static final int SECURITY_LEVEL_EAP_PWD_CCKM

Since: API level 17

Deprecated in API level 29

EAP-PWD-CCKM Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 21 (0x00000015)

public static final int SECURITY_LEVEL_EAP_PWD_FT

Since: API level 17

Deprecated in API level 29

EAP-PWD-FT Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 20 (0x00000014)

public static final int SECURITY_LEVEL_EAP_SIM

Since: API level 17

EAP-SIM Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int) .

Since
API level 17
MDM 5.5
Constant Value: 22 (0x00000016)

public static final int SECURITY_LEVEL_EAP_SIM_CCKM

Since: API level 17

Deprecated in API level 29

EAP-SIM-CCKM Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 24 (0x00000018)

public static final int SECURITY_LEVEL_EAP_SIM_FT

Since: API level 17

Deprecated in API level 29

EAP-SIM-FT Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 17
MDM 5.5
Constant Value: 23 (0x00000017)

public static final int SECURITY_LEVEL_EAP_TLS

Since: API level 2

EAP-TLS Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int) .

Since
API level 2
MDM 2.0
Constant Value: 7 (0x00000007)

public static final int SECURITY_LEVEL_EAP_TLS_CCKM

Since: API level 15

Deprecated in API level 29

EAP-TLS-CCKM Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 15
MDM 5.4
Constant Value: 14 (0x0000000e)

public static final int SECURITY_LEVEL_EAP_TLS_FT

Since: API level 15

Deprecated in API level 29

EAP-TLS-FT Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 15
MDM 5.4
Constant Value: 13 (0x0000000d)

public static final int SECURITY_LEVEL_EAP_TTLS

Since: API level 2

EAP-TTLS Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int) .

Since
API level 2
MDM 2.0
Constant Value: 6 (0x00000006)

public static final int SECURITY_LEVEL_EAP_TTLS_CCKM

Since: API level 15

Deprecated in API level 29

EAP-TTLS-CCKM Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 15
MDM 5.4
Constant Value: 12 (0x0000000c)

public static final int SECURITY_LEVEL_EAP_TTLS_FT

Since: API level 15

Deprecated in API level 29

EAP-TTLS-FT Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 15
MDM 5.4
Constant Value: 11 (0x0000000b)

public static final int SECURITY_LEVEL_FT_PSK

Since: API level 15

Deprecated in API level 29

FT-PSK Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 15
MDM 5.4
Constant Value: 8 (0x00000008)

public static final int SECURITY_LEVEL_OPEN

Since: API level 2

Open Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int).

Since
API level 2
MDM 2.0
Constant Value: 0 (0x00000000)

public static final int SECURITY_LEVEL_SAE

Since: API level 35

SAE (WPA3 personal) Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device.

Since
API level 35
KNOX 3.8
Constant Value: 31 (0x0000001f)

public static final int SECURITY_LEVEL_WEP

Since: API level 2

WEP Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int).

Since
API level 2
MDM 2.0
Constant Value: 1 (0x00000001)

public static final int SECURITY_LEVEL_WPA

Since: API level 2

WPA/WPA2-PSK Wi-Fi security level. Flag used to set the minimum security level allowed to establish a Wi-Fi connection on the device. Used for setMinimumRequiredSecurity(int) .

Since
API level 2
MDM 2.0
Constant Value: 2 (0x00000002)

public static final String SECURITY_TYPE_OPEN

Since: API level 4

Open security type. Used to configure a Wi-Fi AP configuration. Used for setWifiApSetting(String, String, String).

Since
API level 4
MDM 2.2
Constant Value: "Open"

public static final String SECURITY_TYPE_SAE

Since: API level 35

SAE security type. Used to configure a Wifi AP Configuration. Used for setWifiApSetting(String, String, String)

Since
API level 35
KNOX 3.8
Constant Value: "SAE"

public static final String SECURITY_TYPE_WPA2_PSK

Since: API level 27

WPA2 PSK security type. Used to configure a Wifi AP Configuration. Used for setWifiApSetting(String, String, String)

Since
API level 27
KNOX 3.2.1
Constant Value: "WPA2_PSK"

public static final String SECURITY_TYPE_WPA_PSK

Since: API level 4

Deprecated in API level 27

WPA PSK security type. Used to configure a Wi-Fi AP configuration. Used for setWifiApSetting(String, String, String).

Since
API level 4
MDM 2.2
Constant Value: "WPA_PSK"

Public Methods

public boolean activateWifiSsidRestriction (boolean activate)

Since: API level 4

Deprecated in API level 35

API to activate or deactivate access restriction based on the Wi-Fi network service set identifier (SSID).

Parameters
activate true to activate the Wi-Fi network access policy, false to deactivate the Wi-Fi network access policy
Returns
  • true on successful activation or deactivation of access policy, else false on failure
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to activate the SSID-based Wi-Fi network blacklist and whitelist policies. The SSID-based Wi-Fi network whitelist and blacklist policies are not applied until activated using this API.

NOTE 1: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.

NOTE 2: From Knox 3.9 onwards, the networks previously configured using addBlockedNetwork(String) will also be included in block list.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean addBlockedNetwork (String ssid)

Since: API level 2

Deprecated in API level 33
NOTE: This API is not available since Android 13.

API to add a service set identifier (SSID) to the list of blocked networks.

Parameters
ssid The SSID to block
Returns
  • true if adding blocked network was successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to add an SSID to the list of blocked networks, which prevents the user from connecting to it. The blocked network still appears in the Access Point list but is disabled. If the to-be-blocked network is connected when the SSID is added, the user is disconnected. A network is considered blocked if any administrator has it in its blacklist.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 
 try {
     boolean success = edm.getWifiPolicy().addBlockedNetwork("Other Company Wi-Fi");
     if (success) {
         Log.d(TAG, "Adding blocked network succeeded");
     } else {
         Log.d(TAG, "Adding blocked network failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean addWifiSsidsToBlackList (List<String> ssid)

Since: API level 4

Deprecated in API level 35

API to add Wi-Fi network service set identifiers (SSIDs) to the Wi-Fi network blacklist.

Parameters
ssid Wi-Fi network SSID list to be added to blacklist
Returns
  • true if the SSID is successfully added in to blacklist, else false on failure
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to blacklist Wi-Fi networks based on the Wi-Fi network SSID. The device does not connect to Wi-Fi networks with matching SSIDs. The blacklisted Wi-Fi networks still appear in the AP list but are disabled, and the user cannot access them. If the network is connected when the SSID is added to the blacklist, the user is disconnected. For a device managed by multiple administrators, a network is considered blacklisted if at least one administrator has the SSID in the blacklist. The character '*' is the only wild card is allowed in the blacklist specification, which disables connection to all Wi-Fi networks except those specified in the whitelist.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     List<String> blackList = new ArrayList<String>();
     blackList.add("Starbucks3462");
     blackList.add("Android8480");
     boolean success = edm.getWifiPolicy().addWifiSsidsToBlackList(blackList);
     if (success) {
         Log.d(TAG, "Addition to blacklist succeeded");
         edm.getWifiPolicy().activateWifiSsidsRestriction(true);
     } else {
         Log.d(TAG, "Addition to blacklist failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
If the same administrator adds a Wi-Fi network to the Wi-Fi network whitelist using addWifiSsidsToWhiteList(List) as well as the blacklist, the user can still connect to that Wi-Fi network. The whitelist is the exception to the blacklist. If the SSID of a Wi-Fi network currently being connected matches an SSID in both the blacklist and the whitelist of the same administrator, the whitelist takes priority over the blacklist, and the user is allowed to connect to that Wi-Fi network.

After configuring the blacklist, make sure the policy is activated using isWifiSsidRestrictionActive(); if not activated, use activateWifiSsidRestriction(boolean) to activate the blacklist. Unless this step is performed, the blacklist policy is not activated.

NOTE: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean addWifiSsidsToWhiteList (List<String> ssid, boolean defaultBlackList)

Since: API level 11

Deprecated in API level 35

API to add a list of wifi network SSIDs to the wifi network whitelist and default blacklist all other wifi network SSIDs.

Parameters
ssid wifi network SSID list to be added to whitelist
defaultBlackList true to default blacklist all Wifi network SSIDs, false to keep the blacklist unchanged
Returns
  • true if the SSID is successfully added in to whitelist and "*" is successfully added in to blacklist if needed, else false on failure of either
Throws
SecurityException If caller does not have required permissions
Usage
Administrator can use this API to whitelist wifi networks based on the SSID of those wifi networks. The wifi networks with matching SSIDs will be excepted from the blacklist and will be allowed to connect to the device. Also, rest all other wifi network SSIDs could be default blaklisted using this API. If defaultBlackList parameter is set to true, "*" will be added in blacklist.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     boolean defaultBlackList = true;
     List<String> whiteList = new ArrayList<String>();
     whiteList.add("Starbucks3462");
     whiteList.add("Android8480");
     boolean success = edm.getWifiPolicy().addWifiSsidToWhiteList(whiteList,
             defaultBlackList);
     if (success) {
         Log.d(TAG, "Addition to list is a Success");
         edm.getWifiPolicy().activateWifiSsidRestriction(true);
     } else {
         Log.d(TAG, "Addition to either whitelist or default blacklist is a Failure");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
This whitelist is an exception to the blacklist which is created using addWifiSsidsToBlackList(List). If the SSID of the wifi network matches the SSID in both the blacklist and whitelist of the same admin, the whitelist being an exception to the blacklist will take priority and the wifi network will be allowed to connect.

After configuring the whitelist make sure the policy is activated using isWifiSsidRestrictionActive() if not activated, use activateWifiSsidRestriction(boolean) to activate the whitelist. Unless this is done whitelist policy will not be activated.

NOTE: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean addWifiSsidsToWhiteList (List<String> ssid)

Since: API level 4

Deprecated in API level 35

API to add a Wi-Fi network service set identifier (SSID) to the Wi-Fi network whitelist.

Parameters
ssid The Wi-Fi network SSID(s) to be added to the whitelist
Returns
  • true if the SSID is successfully added to whitelist, else false on failure
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to add a Wi-Fi network service set identifier (SSID) to Wi-Fi network whitelist. A Wi-Fi network with a matching SSIDs is excepted from the blacklist, and the device can connect to the whitelisted Wi-Fi network.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     List<String> whiteList = new ArrayList<String>();
     whiteList.add("Starbucks3462");
     whiteList.add("Android8480");
     boolean success = edm.getWifiPolicy().addWifiSsidsToWhiteList(whiteList);
     if (success) {
         Log.d(TAG, "Addition to whitelist succeeded");
         edm.getWifiPolicy().activateWifiSsidsRestriction(true);
     } else {
         Log.d(TAG, "Addition to whitelist failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
The whitelist is an exception to the blacklist that is created using addWifiSsidsToBlackList(List). If the SSID of the Wi-Fi network matches the SSID in both the blacklist and whitelist of the same administrator, the whitelist takes priority as an exception to the blacklist, and the device is allowed to connect to the Wi-Fi network.

After configuring the whitelist, make sure the policy is activated using isWifiSsidRestrictionActive(); if not activated, use activateWifiSsidRestriction(boolean) to activate the whitelist. Unless this step is performed, the whitelist policy is not activated.

NOTE: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean allowOpenWifiAp (boolean allow)

Since: API level 6

Deprecated in API level 35

API to allow or deny user to start an open (non-secured) Wi-Fi hotspot.

Parameters
allow false to deny user from starting an open Wi-Fi hotspot. true to allow user to start an open Wi-Fi hotspot.
Returns
  • true if policy is applied successfully, false on failure.
Throws
SecurityException If caller does not have required permissions
Usage

An open Wi-Fi hotspot is a Wi-Fi connection with no security constraints that allows any Wi-Fi-capable device to connect.

When disabled, the user cannot start an open Wi-Fi hotpot. When enabled back, the user is allowed to start an open Wi-Fi hotspot.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean allowWifiApSettingUserModification (boolean allow)

Since: API level 4

Deprecated in API level 35

API to allow or deny the user to edit Wi-Fi AP settings.

Parameters
allow false to deny user changing Wi-Fi AP settings. true to allow user to change Wi-Fi AP settings.
Returns
  • true if policy is applied successfully, false on failure.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to deny the user modifying Wi-Fi AP settings. When disabled, the UI is grayed out so the user cannot modify the settings. When enabled, the user can modify the Wi-Fi AP Settings.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean clearWifiSsidsFromBlackList ()

Since: API level 4

Deprecated in API level 35

API to remove all Wi-Fi network service set identifiers (SSIDs) from the Wi-Fi network blacklist.

Returns
  • true if all SSIDs are successfully removed from the blacklist, else false on failure
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to remove all Wi-Fi network SSIDs from blacklist. Even though the SSIDs are removed from the blacklist, the user must enable the networks manually from the Settings application to make a connection.

NOTE: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     boolean success = edm.getWifiPolicy().clearWifiSsidsFromBlackList();
     if (success) {
         Log.d(TAG, "Clearing blacklist succeeded");
     } else {
         Log.d(TAG, "Clearing blacklist failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean clearWifiSsidsFromList ()

Since: API level 11

Deprecated in API level 35

API to remove all wifi network SSIDs from the wifi network whitelist and blacklist

Returns
  • true if all SSIDs is successfully removed from blacklist and whitelist else false on failure
Throws
SecurityException If caller does not have required permissions
Usage
Administrator can use this API to remove all wifi network SSIDs from blacklist and whitelist. Even though SSIDs will be removed form whitelist and blacklist, the user will have to enable it manually from Settings Application, to make a connection.

NOTE: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     boolean success = edm.getWifiPolicy().clearWifiSsidBlackList();
     if (success) {
         Log.d(TAG, "Clearing blacklist and whitelist is a Success");
     } else {
         Log.d(TAG, "Clearing blacklist or whitelist is a Failure");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 11
MDM 5.0
Multiuser Environment
Global Scope

public boolean clearWifiSsidsFromWhiteList ()

Since: API level 4

Deprecated in API level 35

API to remove all Wi-Fi network service set identifiers (SSIDs) from the Wi-Fi network whitelist.

Returns
  • true if all SSIDs are successfully removed from whitelist, else false on failure
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to remove all Wi-Fi network SSIDs from the Wi-Fi network whitelist. If an SSID is removed from the whitelist and the same SSID occurs in the Wi-Fi network blacklist, the connection to that Wi-Fi network is blocked.

NOTE: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     boolean success = edm.getWifiPolicy().clearWifiSsidsFromWhiteList();
     if (success) {
         Log.d(TAG, "Clearing whitelist succeeded");
     } else {
         Log.d(TAG, "Clearing whitelist failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean getAllowUserPolicyChanges ()

Since: API level 2

Deprecated in API level 35

API to check if the user is allowed to modify certain Wi-Fi network settings.

Returns
  • true if allowed to change all Wi-Fi network settings, false if one or more administrators enables restriction.
Usage
An administrator can use this API to check whether or not the user is allowed to modify Wi-Fi enterprise settings. For a device managed by multiple administrators, the user is restricted in modifying Wi-Fi settings if at least one administrator has set the value to false.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean getAllowUserProfiles (boolean showMsg)

Since: API level 2

Deprecated in API level 35

API to check whether the user is allowed to add Wi-Fi networks on the device.

Parameters
showMsg To inform the user about MDM restriction.
Returns
  • true if allowed to add Wi-Fi network configuration, false if any administrator denies additions.
Usage
An administrator can use this API to check whether the user is allowed to add a new Wi-Fi network configuration. Mobile device management (MDM) clients can still create profiles even if user profiles are denied.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     boolean allowUserProfiles = edm.getWifiPolicy().getAllowUserProfiles(false);
     if (allowUserProfiles == true) {
         Log.d(TAG, "Allowed to add Wi-Fi network settings");
     } else {
         Log.d(TAG, "Not allowed to add Wi-Fi network settings");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // When you create container successfully, containerID will be returned via intent.
 // Use this containerID in below API.
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 try {
     boolean allowUserProfiles = kcm.getWifiPolicy().getAllowUserProfiles(false);
     if (allowUserProfiles == true) {
         Log.d(TAG, "Allowed to add Wi-Fi network settings");
     } else {
         Log.d(TAG, "Not allowed to add Wi-Fi network settings");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean getAutomaticConnectionToWifi ()

Since: API level 6

Deprecated in API level 35

API to check whether the user is allowed to connect automatically to a known Wi-Fi network.

Returns
  • true if user is allowed to connect automatically to a Wi-Fi access point, false if user is not allowed to connect automatically.
Usage
An administrator can use this API to check whether the user is allowed to connect automatically to a known Wi-Fi network and take appropriate action based on enterprise policy.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public List<String> getBlockedNetworks ()

Since: API level 2

Deprecated in API level 33

API to get the list of blocked network service set identifiers (SSIDs).

Returns
  • The list of blocked SSIDs if set, else an empty list if no SSID is blocked.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to get the list of blocked Wi-Fi network SSIDs from all administrators. An SSID in the list identifies a network that remains disabled, and the user cannot connect to it.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 
 try {
     List<String> blockedNetworks = edm.getWifiPolicy().getBlockedNetworks();
     for (String ssid : blockedNetworks) {
         Log.d(TAG, "blocked network: " + ssid);
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public int getMinimumRequiredSecurity ()

Since: API level 2

Deprecated in API level 35

API to get the current minimum security level required to connect to a Wi-Fi network.

Returns
  • Integer constant representing the network security level.
Usage
An administrator can use this API to get the current minimum security level to connect to a Wi-Fi network. The possible return values are grouped with the following security levels (shown from lowest to highest security level):

1) OPEN
2) WEP
3) WPA
4) SAE
5) LEAP, PWD
6) FAST, PEAP
7) TLS, TTLS, SIM, AKA, AKA'

NOTE: From Knox 3.9 onwards, the security types will be grouped in the following security levels:

1) OPEN
2) WEP, WPA, SAE
3) LEAP, PWD, FAST, PEAP, TLS, TTLS, SIM, AKA, AKA'

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public List<String> getNetworkSSIDList ()

Since: API level 2

Deprecated in API level 35

API to get a list of all enterprise WLAN service set identifiers (SSIDs) configured on the device.

Returns
  • A list of all enterprise WLAN SSIDs or an empty list if no enterprise network has been created, else null on failure.
Throws
SecurityException If caller does not have required permissions
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean getPasswordHidden ()

Since: API level 2

Deprecated in API level 35

API to get the status of the password (hidden or visible) for the Wi-Fi network edit dialog.

Returns
  • true if password is hidden, false if the password is visible.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean getPromptCredentialsEnabled ()

Since: API level 2

Deprecated in API level 28

API to get whether the device prompts the user to re-enter credentials if WPA/WPA2-PSK authentication fails.

Returns
  • true if the device shows the prompt, false if the device does not show the prompt.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public WifiConfiguration getWifiApSetting ()

Since: API level 4

Deprecated in API level 35

API to get the current Wi-Fi AP, tethering or hotspot setting of the device.

Returns
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to retrieve the current Wi-Fi AP settings on the device. The Wi-Fi AP uses these settings if it is already active.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 
 try {
     WifiConfiguration config = edm.getWifiPolicy().getWifiApSetting();
     if (config != null) {
         Log.d(TAG, "SSID : " + wc.SSID + " Security Type : " + wc.allowedKeyManagement);
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 // Sample Output
 // SSID : Android7346 Security Type : OPEN
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public WifiAdminProfile getWifiProfile (String ssid)

Since: API level 2

Deprecated in API level 35

API to get a complete Wi-Fi profile created or edited by an administrator.

Parameters
ssid The service set identifier (SSID) of the profile to be found.
Returns
  • The Wi-Fi profile owned by that administrator that contains the given SSID when successful, or null if no Wi-Fi profile is set.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to get a WifiAdminProfile object previously created or edited, which represents an enterprise Wi-Fi network.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     WifiAdminProfile wifiProfile = edm.getWifiPolicy().getWifiProfile("Company Wi-Fi");
     if (wifiProfile != null) {
         Log.d(TAG,
                 "Wi-Fi ssid = " + wifiProfile.ssid + " security = " + wifiProfile.security);
     } else {
         Log.d(TAG, "Getting Wi-fi profile failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 2
MDM 2.0
Dependency
The provided SSID must refer to a network created through setWifiProfile(WifiAdminProfile).
Multiuser Environment
Global Scope

public List<WifiControlInfo> getWifiSsidsFromBlackLists ()

Since: API level 4

Deprecated in API level 35

API to retrieve the list of blacklisted Wi-Fi network service set identifiers (SSIDs) for all administrators.

Returns
  • WifiControlInfo List of blacklisted SSIDs along with the controlling administrator package name if it succeeds, else return null
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to retrieve the list of all blacklisted Wi-Fi network SSIDs. The device cannot connect to Wi-Fi networks with matching SSIDs.

NOTE: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 List<WifiControlInfo> wifiList = edm.getWifiPolicy().getWifiSsidsFromBlackLists();
 
 for (List controlInfo : wifiList) {
     Log.d(TAG, "Administrator : " + controlInfo.adminPackageName + " Entries : "
             + controlInfo.entries);
 }
 
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public List<WifiControlInfo> getWifiSsidsFromWhiteLists ()

Since: API level 4

Deprecated in API level 35

API to retrieve a list of whitelisted Wi-Fi network service set identifiers (SSIDs) for all administrators.

Returns
  • WifiControlInfo List of whitelisted SSIDs along with the controlling administrator package name if it succeeds, else return null
Throws
SecurityException If caller does not have required permissions
Usage

An administrators can use this API to retrieve a list of whitelisted Wi-Fi network SSIDs. Wi-Fi networks with a matching SSID are excepted from the blacklist, and the device can connect to these networks.

NOTE: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 List<WifiControlInfo> wifiList = edm.getWifiPolicy().getWifiSsidsFromWhiteLists();
 
 for (List controlInfo : wifiList) {
     Log.d(TAG, "Administrator : " + controlInfo.adminPackageName + " Entries : "
             + controlInfo.entries);
 }
 
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean isNetworkBlocked (String ssid, boolean showMsg)

Since: API level 2

Deprecated in API level 35
NOTE: This API is not available since Android 13.

API to check whether a network with a given service set identifier (SSID) is blocked.

Parameters
ssid The SSID of the network to verify.
showMsg To display information if network is blocked.
Returns
  • true if the network is blocked, false if the network is not blocked.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean isOpenWifiApAllowed ()

Since: API level 6

Deprecated in API level 35

API to check whether the user is allowed to start an open Wi-Fi hotspot

Returns
  • true if open hotspot is allowed, false if denied.
Usage
An administrator can use this API to check whether the user is allowed to start an open Wi-Fi hotspot.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 
 try {
     boolean allowOpenWifi = edm.getWifiPolicy().isOpenWifiApAllowed();
     if (allowOpenWifi) {
         Log.d(TAG, "Open Wifi AP is allowed settings");
     } else {
         Log.d(TAG, "Open Wifi AP not allowed settings");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean isWifiApSettingUserModificationAllowed ()

Since: API level 4

Deprecated in API level 35

API to check whether the user is allowed to modify the Wi-Fi access point (AP) setting.

Returns
  • true if modification is allowed, false if modification is denied.
Usage
An administrator can use this API to check whether the user is allowed to modify the hotspot settings. If modification is denied, the UI is grayed out so the user cannot modify the settings. If modification is allowed, the UI is accessible and the user can modify the Wi-Fi AP settings.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 
 try {
     boolean allowUserModify = edm.getWifiPolicy().isWifiApSettingUserModificationAllowed();
     if (allowUserModify) {
         Log.d(TAG, "Allowed to modify Wi-Fi AP settings");
     } else {
         Log.d(TAG, "Not allowed to modify Wi-Fi AP settings");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean isWifiSsidRestrictionActive ()

Since: API level 4

Deprecated in API level 35

API to retrieve the activation state of the Wi-Fi network service set identifier (SSID) whitelist and blacklist policies.

Returns
  • true if policy is activated or false if policy is deactivated
Throws
SecurityException If caller does not have required permissions
Usage

An administrator can use this API to check whether the SSID-based Wi-Fi network blacklist and whitelist policy is activated for an administrator. The SSID-based Wi-Fi network whitelist and blacklist policies are not applied unless activated using activateWifiSsidRestriction(boolean).

NOTE 1: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.

NOTE 2: From Knox 3.9 onwards, the networks previously configured using addBlockedNetwork(String) will also be included in block list.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean isWifiStateChangeAllowed ()

Since: API level 5

Deprecated in API level 35

API to check whether the user is allowed to change the Wi-Fi state.

Returns
  • true if the user is allowed to change the Wi-Fi state, else false.
Since
API level 5
MDM 3.0
Multiuser Environment
Global Scope

public boolean removeBlockedNetwork (String ssid)

Since: API level 2

Deprecated in API level 33

API to remove a service set identifier (SSID) from the list of blocked networks.

Parameters
ssid The SSID to unblock
Returns
  • true if removing blocked network was successful, else false .
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to remove an SSID from the list of blocked networks, which allows the user to connect to it. For a device managed by multiple administrators, the SSID is unblocked and enabled again only if all administrators have removed the SSID from their blacklist. If any other administrator still has the SSID in its blacklist, the network remains blocked.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean removeNetworkConfiguration (String ssid)

Since: API level 2

Deprecated in API level 35

API to remove the enterprise WLAN configuration.

Parameters
ssid The service set identifier (SSID) of the enterprise WLAN network to be deleted.
Returns
  • true if removal was successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to remove an enterprise WLAN configuration. The network name is removed from the access point list so that the user does not need to remove it manually.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 WifiPolicy wifiPolicy = edm.getWifiPolicy();
 try {
     List<String> networks = wifiPolicy.getNetworkSSIDList();
     if (networks.contains("Company Wi-Fi")) {
         boolean success = wifiPolicy.removeNetworkConfiguration("Company Wi-Fi");
         if (success) {
             Log.d(TAG, "Removing configuration succeeded");
         } else {
             Log.d(TAG, "Removing configuration failed");
         }
     } else {
         Log.d(TAG, "Wi-Fi network does not exist");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 2
MDM 2.0
Dependency
The provided SSID must refer to a network created through setWifiProfile(WifiAdminProfile)
Multiuser Environment
Global Scope

public boolean removeWifiSsidsFromBlackList (List<String> ssid)

Since: API level 4

Deprecated in API level 35

API to remove Wi-Fi network service set identifiers (SSIDs) from the Wi-Fi network blacklist.

Parameters
ssid Wi-Fi network SSID to be removed from blacklist
Returns
  • true if the SSID is successfully removed from the blacklist, else false on failure
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to remove Wi-Fi network SSIDs from blacklist. The Wi-Fi networks removed from blacklist with matching SSIDs are allowed to connect to the device. Even though the SSIDs are removed from blacklist, the user must enable them manually from Settings application to make a connection.

NOTE: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     List<String> blackList = new ArrayList<String>();
     blackList.add("Starbucks3462");
     blackList.add("Android8480");
     boolean success = edm.getWifiPolicy().removeWifiSsidsFromBlackList(blackList);
     if (success) {
         Log.d(TAG, "Removal from blacklist succeeded");
     } else {
         Log.d(TAG, "Removal from blacklist failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean removeWifiSsidsFromWhiteList (List<String> ssid)

Since: API level 4

Deprecated in API level 35

API to remove a Wi-Fi network service set identifier (SSID) from the Wi-Fi network whitelist.

Parameters
ssid Wi-Fi network SSID(s) to be removed from whitelist
Returns
  • true if the SSID is successfully removed from the whitelist, else false on failure
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to remove Wi-Fi network SSIDs from Wi-Fi network whitelist. If a SSID is removed from the whitelist and the same SSID occurs in the Wi-Fi network blacklist, the connection to that Wi-Fi network is blocked.

NOTE: From Knox 3.9 onwards, the following rules will apply:

Allowlist - Only the SSIDs in the allowlist are allowed and all others are blocked. The blocklist doesn't have any effect.
Blocklist - Only the SSIDs in the blocklist are blocked and all others are allowed. Blocklist only takes effect if the allowlist is empty.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     List<String> whiteList = new ArrayList<String>();
     whiteList.add("Starbucks3462");
     whiteList.add("Android8480");
     boolean success = edm.getWifiPolicy().removeWifiSsidsFromWhiteList(whiteList);
     if (success) {
         Log.d(TAG, "Removal from whitelist succeeded");
     } else {
         Log.d(TAG, "Removal from whitelist failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean setAllowUserPolicyChanges (boolean enable)

Since: API level 2

Deprecated in API level 35

API to allow or deny the user to modify some Wi-Fi settings of an enterprise network profile.

Parameters
enable true to allow changes in all Wi-Fi network settings, false to allow changes only in username and/or password and block removing enterprise network.
Returns
  • true if the value was set correctly, false on errors.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or deny users to modify selected Wi-Fi settings like static ip configuration, proxy settings, security type and others, of an enterprise network profile. When this policy is in effect (value false) the user can modify only the username, anonymous identity, password and/or wep keys of a Wi-Fi enterprise network. In addition, the user cannot remove the enterprise network. When true, the user can modify all Wi-Fi network settings normally and also remove it.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setAllowUserProfiles (boolean enable)

Since: API level 2

Deprecated in API level 35

API to allow or deny the user to add Wi-Fi networks on the device.

Parameters
enable true to allow the user to add new profiles.
Returns
  • true if successful, false if failed.
Throws
SecurityException If caller does not have required permissions
Usage
When this policy is set to false, the user cannot add a new Wi-Fi network through Settings or any other application. The only profiles allowed are enterprise profiles set through mobile device management (MDM) clients. For a device managed by multiple administrators, the user cannot add a Wi-Fi profile if at least one administrator disables profile additions.

For Container:

NOTE: Since MDM 5.4.1, only Android users (Owner/Guest user) administrator can call this API. For container, API will return false.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

Since
API level 2
MDM 2.0
Multiuser Environment
User Scope

public boolean setAutomaticConnectionToWifi (boolean enable)

Since: API level 6

Deprecated in API level 35

API to allow or disallow the user to connect automatically to a known Wi-Fi network.

Parameters
enable true to allow user to automatically connect to a Wi-Fi access point.
Returns
  • true if successful, false if it failed.
Throws
SecurityException If caller does not have required permissions
Usage
When this policy is set to false, the user cannot automatically connect to a known Wi-Fi access point that is already stored on the device. However, the user can still connect to the Wi-Fi network manually through Wi-Fi settings.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 6
MDM 4.0
Multiuser Environment
Global Scope

public boolean setMinimumRequiredSecurity (int secType)

Since: API level 2

Deprecated in API level 35

API to set a minimum security level required to connect to a Wi-Fi network.

Parameters
secType The minimum required security.
Returns
  • true if successful, false on failure.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to set a minimum security level to connect to a Wi-Fi network. The security types have been grouped into security levels. Any network with a security type below the minimum security level set by the administrator is disabled and not allowed to connect to Wi-Fi. For a device managed by multiple administrators, the value belonging to the highest security level set takes precedence. The acceptable values are grouped with the following security levels (shown from lowest to highest security level):

1) OPEN
2) WEP
3) WPA
4) SAE
5) LEAP, PWD
6) FAST, PEAP
7) TLS, TTLS, SIM, AKA, AKA'

NOTE: From Knox 3.9 onwards, the security types will be grouped in the following security levels:

1) OPEN
2) WEP, WPA, SAE
3) LEAP, PWD, FAST, PEAP, TLS, TTLS, SIM, AKA, AKA'

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setPasswordHidden (boolean passHidden)

Since: API level 2

Deprecated in API level 35

API to set the hidden state of the password for the Wi-Fi network edit dialog.

Parameters
passHidden Whether the password hidden from the user.
Returns
  • true if setting the password hidden characters is successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to set whether the user can show the password characters in the Wi-Fi Access Point dialog in the Settings application. The default value is false, which means the characters are visible.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setPromptCredentialsEnabled (boolean enable)

Since: API level 2

Deprecated in API level 28

API to set whether the device prompts the user to re-enter credentials if WPA/WPA2-PSK authentication fails.

Parameters
enable To enable or deny the prompt for credentials.
Returns
  • true if prompting for credentials is enabled successfully, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to set whether the system prompts the user to re-enter credentials on WPA/WPA2 networks, which return an authentication failed message. The default value is true. WEP and EAP networks fail silently when a wrong credential is submitted.

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setWifiApSetting (String ssid, String securityType, String password)

Since: API level 4

Deprecated in API level 35

API to configure the Wi-Fi access point (AP), tethering, or hotSpot setting of the device.

Parameters
ssid The service set identifier (SSID) of the Wi-Fi network to be broadcast to Wi-Fi adapters. A null or empty string fails the API. A maximum of 32 characters is allowed.
securityType Security type of the Wi-Fi AP. Should be one of SECURITY_TYPE_OPEN, SECURITY_TYPE_WPA2_PSK or SECURITY_TYPE_SAE. Any other type fails the API.

NOTE: The security type SECURITY_TYPE_WPA_PSK is deprecated since Knox 3.2.1.

password Password to be used when security type is either SECURITY_TYPE_WPA2_PSK or SECURITY_TYPE_SAE; ignored for SECURITY_TYPE_OPEN security type. A minimum of eight characters is required for both security types: SECURITY_TYPE_WPA2_PSK and SECURITY_TYPE_SAE.
Returns
  • true if hot spot was configured successfully, false on failure
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to configure the Wi-Fi AP setting on the device so that the next time the user activates the hotspot, it uses the given settings. If the Wi-Fi AP is already active, the new setting is applied to the Wi-Fi AP immediately.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 
 try {
     boolean success = edm.getWifiPolicy().setWifiApSetting("Android123",
             WifiPolicy.SECURITY_TYPE_OPEN, null);
     if (success) {
         Log.d(TAG, "Configuring network is a success");
     } else {
         Log.d(TAG, "Configuring network is a failure");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.
Since
API level 4
MDM 2.2
Multiuser Environment
Global Scope

public boolean setWifiProfile (WifiAdminProfile profile)

Since: API level 2

Deprecated in API level 35

API to create or edit a complete Wi-Fi profile.

Parameters
profile The profile to be created or edited.
Returns
  • true if creating or editing the profile was successful, else false.
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to create or edit a full Wi-Fi profile using WifiAdminProfile instead of calling each API separately.

 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 try {
     WifiAdminProfile wifiProfile = new WifiAdminProfile();
     wifiProfile.ssid = "Company Wi-Fi";
 
     // Example for Open security level
     wifiProfile.security = "NONE";
 
     // Configuration for WEP security level
     wifiProfile.security = "WEP";
     wifiProfile.wepKeyId = 1;
     wifiProfile.wepKey1 = "abdce";
 
     // Example for WPA/WPA2-PSK security level
     wifiProfile.security = "PSK";
     wifiProfile.psk = "test1234";
 
     // Example for EAP-PEAP security level
     wifiProfile.security = "EAP-PEAP";
     wifiProfile.phase2 = "MSCHAPV2";
     wifiProfile.userIdentity = "user@company.com";
     wifiProfile.password = "sample_password";
 
     // Create the network
     boolean success = edm.getWifiPolicy().setWifiProfile(wifiProfile);
     if (success) {
         Log.d(TAG, "Setting Wi-Fi profile succeeded");
     } else {
         Log.d(TAG, "Setting Wi-Fi profile failed");
     }
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_WIFI" permission which has a protection level of signature.

From MDM 5.6 on, depending on the Credential Storage type identified by storageName parameter used in WifiAdminProfile(String), a new permission will also be enforced. System Credential Storages will check for 'com.samsung.android.knox.permission.KNOX_UCM_ESE_MGMT' permission, while non-system onefs check for 'com.samsung.android.knox.permission.KNOX_UCM_OTHER_MGMT' permission. Please refer to Universal Credential Manager (UCM) DEV guide in order to have more details of how to get these new permissions.
Since
API level 2
MDM 2.0
Multiuser Environment
Global Scope

public boolean setWifiStateChangeAllowed (boolean allow)

Since: API level 5

Deprecated in API level 35

API to allow or disallow the user to change the Wi-Fi state.

Parameters
allow true to allow, else false
Returns
  • true if successful, false if failed
Throws
SecurityException If caller does not have required permissions
Usage
An administrator can use this API to allow or disallow the user to change the Wi-Fi state. If the administrator sets the value to allow, the user has UI access to change the Wi-Fi state. If the value is set to disallow, the user does not have UI access to change the state.
 EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
 WifiPolicy wifiPolicy = edm.getWifiPolicy();
 try {
     boolean allowWifiStateChange = true;
     wifiPolicy.setWifiStateChangeAllowed(allowWifiStateChange);
 } catch (SecurityException e) {
     Log.w(TAG, "SecurityException: " + e);
 }
 
Permission
The use of this API requires the caller to add the "com.samsung.android.knox.permission.KNOX_WIFI" permission with a protection level of signature.
Since
API level 5
MDM 3.0
Multiuser Environment
Global Scope