25 Jan 2018

What’s new in Knox 3.0?

By Samsung Knox Team

Samsung Knox 3.0 is an exciting new release that provides many improvements to the developer experience as well as powerful new features.

The Knox 3.0 platform is built into Samsung devices running the Android 8.0 Oreo OS, and will be included in all new flagship Samsung devices. Existing Samsung devices such as the Galaxy S8 will receive firmware updates according to the release schedule of each mobile service provider. To check the Knox version running on your Samsung device, go to Settings > About device > Software info.



Let’s look at three key features in this release:

1. Samsung Knox SDK

2. Samsung Knox License

3. Android Enterprise Harmonization

Samsung Knox SDK

The new Samsung Knox SDK combines, refactors, and enhances these Samsung Knox SDKs: Knox Standard, Knox Premium, Knox Customization, and Knox ISV. For these SDKs, there is now only one consolidated Samsung Knox SDK package to download, one JAR library to import, one API Reference to search for API methods, and one Developer Guide describing the SDK features. This new SDK also consolidates the following:

  • Version - As the merged SDKs had different SDK version numbers, the new Knox SDK uses a single 3.0 version number and Knox API level 24. The Knox API level is similar to the Android API level. Each Knox SDK version has been mapped to this Knox API level. To find the API level supported by a device, call the API method EnterpriseDeviceManager.getApiLevel. In the device Settings > Device > Software Info, the Knox version now shows this Knox API level:

  • Namespace - All Samsung Knox SDK packages, intents, and permissions now use this namespace: com.samsung.android.knox. Previously, there were multiple namespaces, including one in the Google domain (android.app.enterprise). Harmonizing the namespace simplifies coding, troubleshooting, and support, and removes the possibility of future overlaps with Google.

  • Structure - API methods have been re-organized for better discoverability and renamed for consistency. The API methods that were in the generic class called MiscPolicy have been moved into more appropriate classes. Some classes have been renamed. For example, Attestation is now called AttestationPolicy for more consistency with other class names.

  • Deprecation - In the new consolidated Knox SDK, we have removed API methods that were already deprecated in the legacy Knox Standard, Premium, Customization, and ISV SDKs. We’ve also removed API methods that were duplicated across legacy SDKs or not being used as indicated by our analytics. This was to streamline the new Knox SDK and ease usability moving forward. The Knox 3.0 platform installed on devices still supports these deprecated API methods. However, we discourage using these API methods as we will likely remove support for them in the near future.

For more about updating namespaces and replacing deprecated API methods for this new consolidated Knox SDK, see the Samsung Knox SDK Migration Guide and Knox SDK Sample Apps.

Knox 3.0 adds these new features:

  • Hardware key remapping - With this feature, you can control whether or not the pressing of a particular hard key (power, volume up, volume down, home, back, menu) broadcasts an intent, which can be handled by the registered broadcast receivers. This feature was previously supported only in ProKiosk mode, but is now also available at the device level, outside of ProKiosk mode.

  • Home screen mode - You can now select whether a device supports:

    • Home screen only — The home screen is the only place where you can launch apps, and can't be deleted unless there are no app shortcuts on it.

    • Home screen with separate app launcher screens — The home screen page can be deleted because the app launcher screens also display all app shortcuts that are on the home screen.

Knox 3.0 also enhances this existing feature:

  • Network Platform Analytics - This enables the real-time monitoring of network flow behaviors without granting access to all network data. Knox 3.0 introduces full IPv6 support, DNS lookups associated with the app that requested them, and parent process hash included in the netflow data.

Samsung Knox License (SKL)

Knox v2.9 introduced a Beta version of a consolidated Samsung Knox License (SKL), which is designed to replace the Enterprise License Management (ELM) and Knox License Management (KLM) licenses. If you are already using ELM and KLM licenses, they will continue to work. If you are developing a new app, however, consider using this new SKL license with the Samsung Knox SDK.

SKL mandates apps to declare required Knox permissions in the app's manifest, in order to call API methods in the Knox SDK. You can declare at a granular level the permissions your app needs in order to call API methods in the Knox SDK. This is to help tighten security, by limiting what an app can do. To use this new permissions model, update your Android manifest file to include these tags:

  • <meta-data>:to enable Knox selective permissions

  • <uses-permission>: to declare each permission used by the app

For more about these changes, see License Enhancements. For details about the new permissions model, see Declaring permissions in your manifest file.

Android Enterprise Harmonization

Customers no longer have to choose between Android Enterprise and Samsung Knox. Android Enterprise and Samsung Knox are now harmonized into one solution on Android Oreo for Samsung devices.

As part of harmonization, customers can leverage Knox features and APIs on Android’s Work Profile and Work Managed Device modes. The:

  • Profile Owner can activate a Knox License and leverage Knox features on Android Work Profile

  • Device Owner can activate a Knox License and leverage Knox features on Android Work Managed Device

For more, see the Harmonization page and Harmonization Integration Guide.

Next Steps