15 Feb 2019

What's new in Knox SDK 3.3?

By Karen (Programmer Writer)

Introducing Samsung Knox SDK v3.3, now with additional APIs and mobile security framework features to assist in total Unified Endpoint Management (UEM) – this benefits both mobile app developers, enterprise IT admins, and device-users of any Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) system.

We’re excited for you to try the latest feature improvements to the SDK, visit the Knox SDK page for additional information and to download the SDK!

New Features in Knox v3.3

In this release, Knox Verified Boot now monitors and protects boot in addition to Knox security built at a hardware level. Additional APIs included in this release provide functionality improvements to workspace encryption, Samsung Dex and Network Analytics.

Highlights in this release:

  • Knox Verified Boot: new enhancements to harden and secure your device boot process.
  • Dual DAR: provides dual encryption for the Knox Workspace.
  • New APIs: provide more options to manage Samsung DeX, Network Platform Analytics (NPA) and VPN.

Knox Verified Boot

Knox Verified Boot is designed to be a more complete integration of AVB(Android Verified Boot) on our devices, which means we will be able to provide a more reliable Verified Boot State to the systems that use it. This release provides the following:

  • TrustZone interface used to refer to KVB state for added security.
  • Platform binary validation to protect at the early boot process.

NOTE —This feature is enabled by default on new devices released with Knox 3.3, but is not available to older devices with firmware updates to Knox 3.3.

Dual DAR

With Knox 3.3, Dual encryption allows enterprises to secure their work data with two layers of encryption, which provides protection to devices even while powered off or in an unauthenticated state. With single layer encryption, potential flaws in the implementation may result in a single point of failure.

For additional details about the new Dual DAR feature, learn how to configure a DUAL DAR workspace.

Contact Storage Restrictions

Restrict local contacts stored on enterprise devices to reduce the risk of losing contacts or becoming out of sync with enterprise contacts. For more information, see contact storage.

Knox on DeX

Samsung DeX now has a new feature to allow or restrict access using the Knox platform for added control and security.

For API implementation, learn more about Samsung DeX with Knox.

Firewall

Knox SDK 3.3 now supports the interaction between DomainFilter rules and Firewall policies on a specified device by introducing a new API enableDomainFilterOnIptables() that enables this new feature. Without this feature enabled, Firewall policies can affect whitelist rules applied by Domain Filter.After enabling this API, admins can do the following use cases:

  • Use FirewallRule to block all IPs in a specified device.
  • Use the DomainFilterRule() to allow specific domains to be white listed even if the IPs were blocked using Firewall policies.

To learn more about this new feature, visit the Firewall section of the Knox SDK user guide.

VPN improvements

This release includes several enhancements to improve user experience and VPN client performance on the Knox framework. The enhancements include:

  1. Multi-app tunneling support — Enhances user experience when using VPN tunnels to allow users the ability to connect with and start using business apps immediately after establishing a VPN tunnel.
  2. Knox event and Android networking event synchronization — Improves VPN client performance to allow the Knox container to recognize that the VPN client is connected without any delay.

Network Platform Analytics

This release of Knox 3.3 includes ongoing network flow analytics for NPA purposes. This feature allows IT admins to configure EMM-based NPA tools to receive network statistics while the network connection is ongoing. Doing so efficiently gathers analytics for long lasting network sessions. 

For more information, see how to configure NPA reporting.

Notice

VPN namespace

With Knox SDK 3.0, all apps must convert to the new Android namespace conventions as described in IMPORTANT NOTICE: Changes to old Samsung Knox namespace.

For information on updating your VPN clients to use the new namespace, see VPN namespace changes.

Container Only Mode (COM) deprecation

Container Only Mode is deprecated starting the release of Galaxy S10 running Knox 3.3 or any device launched after.

NOTE — If you’re using COM/CL containers on a previous device, such as in the Galaxy S9 or S8, they will be supported until the end of life of the devices. See the bulletin notice for more information.

Try them now…

We encourage you to try the latest improvements to the Knox SDK.

  • Go to Knox SDK to get more info and download the Knox SDK.
  • For details about API methods in the Knox SDKs, see the Knox SDK API References.
  • If you are new to our licenses, learn more about our license keys here.

We are already diving into the next SDK releases, and discussing the features that will help you deliver the most compelling enterprise apps and solutions. Join this dialog through our Developer Forum!