NOTE - As of Knox 3.0, the preferred way to call Knox APIs is to upgrade an Android Work Profile to a Knox Workspace. This tutorial uses Android's Device Manager to call Knox APIs. See Upgrade Android Work Profile to Knox Workspace for more information.

Set up Device Admin

On this page

Android's Device Administration API provides system-level device administration capabilities that enable the creation of security-aware apps. Android’s Device Administration provides an in-depth explanation of using the Device Administration API to create device admin apps.

Register the Device Admin Receiver

First you must register the Device admin receiver in your app’s manifest. Your receiver must be a subclass of DeviceAdminReceiver that has both the BIND_DEVICE_ADMIN permission and the ability to respond to the ACTION_DEVICE_ADMIN_ENABLED intent.

In AndroidManifest.xml, insert the following xml anywhere inside the <application> tag.

        android:permission="android.permission.BIND_DEVICE_ADMIN" >
                android:resource="@xml/device_admin_receiver" />
                <action android:name="" />

The Android Device Manager also states that you must identify the security policies in use by the app in a <meta-data> entry. Since the app will use a Samsung Knox policy to disable the camera, you don't have to specify any native Android (DevicePolicyManager) policy. However, Android still requires you to create empty device_admin_receiverfile

In your project, navigate to app > src > res. Create a directory named xml. Inside this directory, create a XML resource file named device_admin_receiver.xml. and paste the following code over top of the code that was generated automatically.

<device-admin xmlns:android="">

Create the Device Admin Receiver class

Create a Device Admin Receiver java class named The device Admin Receiver should be located in: app > src > main >java> [your package name]

import android.content.Context;
import android.content.Intent;
import android.widget.Toast;

public class SampleAdminReceiver extends DeviceAdminReceiver {

    void showToast(Context context, CharSequence msg) {
        Toast.makeText(context, msg, Toast.LENGTH_SHORT).show();

    public void onEnabled(Context context, Intent intent) {
        showToast(context, "Device admin enabled");

    public void onDisabled(Context context, Intent intent) {
        showToast(context, "Device admin disabled");

Create the Device Admin methods

You will now create the ActivateAdmin() and DeactiveAdmin() method. This is invoked when the users presses ACTIVATE ADMIN.The DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN intent is started to add the app as a device administrator.

Paste the following methods into MainActivity()

 private void ActivateAdmin() {

        // Ask the user to add a new device administrator to the system
        Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
        intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, mDeviceAdmin);
        // Start the add device admin activity
        startActivityForResult(intent, DEVICE_ADMIN_ADD_RESULT_ENABLE);

 private void DeactivateAdmin() {

        DevicePolicyManager dpm = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
        if (dpm != null) {
            // Deactivate this application as device administrator
            dpm.removeActiveAdmin(new ComponentName(this, SampleAdminReceiver.class));

Tutorial Progress

You are 6/10 done! Go to the next step.