The Knox SDK extends the functionality of the standard Android SDK to provide granular access to device features, security options, customization settings, and more. Create tailored solutions by remapping hardware keys, designing kiosks, deploying policies by geographical location, and customizing the booting animation. Keep sensitive enterprise data secure by restricting access to settings, pre-configuring VPN and firewall settings, and whitelisting and blacklisting apps.
Access over 1500+ APIs to build apps and mobile solutions that meet the needs of regulated industries such as healthcare, finance, and education. Unleash your creativity and start building world-class solutions today.
Learn more about Knox products version mapping before downloading your SDK.
Already downloaded the SDK? Jump to next steps.
How it works
The Knox SDK consolidates several existing SDKs into one convenient package and JAR library:
- Knox Standard SDK – Provides comprehensive management of mobile devices.
- Knox Premium SDK – Offers rich security and enterprise management functions, including the option to create a Knox container.
- Knox Customization SDK – Enables purpose-built devices for vertical markets.
- Knox ISV SDK – Checks for device rooting and enables Sensitive Data Protection.
- Knox UCM SDK – Allows EMM partners and storage providers to manage credentials across different storage hardware. Storage providers create plugins to handle storage requests.
- Knox VPN SDK – Allows VPN providers to deploy VPNs through their network infrastructure.
For your convenience we've added a mapping table showing how the old SDK versions map to the new Knox SDK API level.
Still using the legacy SDK? Access them here.
The Knox SDK provides you with powerful control over all aspects of Samsung devices.
Configure email on a device. Add and delete email accounts (Microsoft Exchange ActiveSync, IMAP, POP). Restrict device users from adding or changing email accounts, and enabling or disabling email settings.
Manage the apps on a device. Blacklist and whitelist apps; install and uninstall apps; enable and disable pre-installed apps like the Play Store; start and stop apps.
Control device connection settings, such as WiFi, Bluetooth, NFC, USB, Access Point Names (APN), firewalls, proxies, and domain filters.
Protect work apps and data by isolating them in a secure container that is separate from personal apps being used on the same device. Further secure thecontainer by enforcing strict password policies and implementing Knox Sensitive Data Protection (SDP), a certified mechanism that augments the protection of data-at-rest.
Create a custom-purpose device, such as a kiosk, that displays only one app and limits access to the underlying Android system.
Manage location geofencing, device date and time, NTP, roaming allowances, device inventory, SIM cards, and multi-user mode settings.
Securely and conveniently manage device certificates using the Knox TIMA Keystore, which automatically locks itself if it detects that the device is compromised.
Attain granular control over device security. Detect if a device has been rooted or is running unauthorized firmware; define password rules for unlocking a device; encrypt data on internal and external storage devices; allow OTA firmware upgrades and control Samsung's security updates and more.
EMM partners and Storage Providers can use a single set of vendor-agnostic APIs to manage credentials across different storage hardware, from smart cards to eSE chips. Storage providers can use APIs to create UCM plugins that handle these storage requests.
Secure device connections by requesting VPN tunnels. Special configurations, such as per-app VPN and VPN chaining, exist to ensure that apps effectively encrypt outgoing data and decrypt incoming data.
Knox SDK v3.4 provides these new features:
Knox SDK v3.3, now with additional APIs and framework features for developers, MDMs, and users.
- Knox Verified Boot – Provides enhancements to harden and secure your device boot process with: TrustZone interface to refer to KVB state, platform binary validation at early boot process, and rollback prevention based hardware tamper fuse.
- Dual DAR – Dual encyption allows enterprises to secure their work data with two layers of encryption even when the device is powered off or is in an unauthenticated state.
- Contact Storage Restrictions – Restrict local contacts stored on enterprise devices to reduce the risk of losing contacts or becoming out of sync with enterprise contacts.
- Knox on DeX – Allow or restrict access using the Knox platform.
- Firewall – Interaction between
DomainFilterrules and Firewall policies are now supported through the introcution of a new API.
- VPN – Improvements on user experience and VPN client performance on the Knox framework with the following enhancments: Multi-app tunneling support, Knox event and Android networking event sync, and Ongoing network flow analytics for NPA purposes.
- Deprecations –Container only mode (COM) begins deprecation starting the release of the Galaxy S10 running Knox 3.3 or any device launched after. For earlier devices such as the Galaxy S9 or S8, COM/CL containers will be supported until the ned of life of the devices.
Knox 3.2.1, built on top of Android Enterprise, supports the Android P operating system along with the following new features.
- Token password – Encrypted passwords to add an additional level of security.
- UI changes – All API methods of the Knox UCM SDK have been merged into the Knox 3.2 SDK
- An updated UI replaces the Knox container mini launcher with a tabbed UI view to separate personal and work apps
- Access workplace settings directly from the device settings menu
- VPN enhancements
- Enable common audit logs for VPN clients
- Improved performance to allow IT Admins to configure SSL/IPSEC VPN profiles on multiple devices
- Certificate provisioning – Supports IT Admins in managing certificates and keystores.
- DeX management – Knox 3.2 provides additional APIs for DeX mode:
- Set the alignment mode of the DeX launcher
- Add/remove URL shortcuts on the DeX launcher
- Add URL shortcuts on the DeX launcher with customized icons
- Enable/disable packages for DeX foreground mode
- Universal Credential Management (UCM)– All API methods of the Knox UCM SDK have been merged into the Knox 3.2 SDK
- WiFi/Bluetooth/BLE scanning control
- Enable/disable WiFi background scanning
- Enable/disable Bluetooth/BLE and associated background scanning
- Rich Communciation Services (RCS) message capture – record RCS messages, including media files
- Other updated features: ProKiosk, Network Platform Analytics (NPA), Sensitive Data Protection (SDP), Enterprise Device Manager (EDM)
- DeX management – Knox 3.1 provides APIs that target devices in DeX mode:
- Add/remove app shortcuts
- Change the loading screen that plays while the device launches in DeX mode
- Control screen timeout settings
- Enforce Ethernet data connection
- Prevent certain apps from running in DeX
These APIs don’t affect devices after they’ve been disconnected from the DeX station.
- App Permission Monitor updates – IT admins can now enable or disable access to the App Permission Monitor.
The Knox SDK also offers the following improvements:
- New Namespace – All Samsung Knox SDK packages, intents, and permissions now use the following namespace: com.samsung.android.knox. Using the same namespace simplifies the coding, troubleshooting, and support process.
- Simplified API set – API methods that were not being used or were duplicated across SDKs have been deprecated. This is to simplify the API set and improve the usability of the SDK.
- Consolidated Version Numbers – Previously, each SDK had a different version number. The new consolidated Knox SDK starts at v3.0 and uses a Knox API level to identify when individual API methods were introduced.
- Improved Structure – API methods have been re-organized to better reflect their function. The API methods that were in the generic MiscPolicy class have been moved into more appropriate classes.
- Android Enterprise Harmonization – Android Enterprise and Samsung Knox Workspace have been harmonized into one solution. As a result, you can call Knox API methods on an Android Enterprise Work Profile an Work Managed Device. For more, see Harmonization.
Next steps ...
- Get your license key - Your development key gives you permission to use all API methods in the SDK.
- Browse the API reference - This describes all SDK packages, classes, and API methods.
- Explore sample apps - Get the source code for an app that uses the Samsung Knox SDK.
- Browse the Migration Guide - Describes how to update an app that uses the Knox Standard, Premium, Customization, ISV, UCM, or VPN SDK to use the consolidated Samsung Knox SDK.
- Read the Developer Guide - Describes how to use the Samsung Knox SDK to develop an app from scratch.