Take advantage of Samsung Knox platform-level security features for your individual apps. Knox Enabled App provides the security benefits of an invisible isolated container environment and also automatically encrypt Data-at-Rest. No extensive modifications or separate app development work is required. Deploy Knox Enabled App to supported Samsung devices today and start securing your app and data with leading Samsung Knox security.


  • SEAP Partner account: If you are not yet a partner, click the button below to apply for partnership.
  • Samsung Approval: If you are already a partner, click the button below to request approval for a production key.

Important Note:

Knox Enabled App will reach end-of-sales at the end of Nov 2018. As of Android P, Samsung devices will no longer support the KEA framework.

How it works

Knox Enabled App (KEA) protects your app data by placing apps in an isolated container environment. Apps outside the container cannot communicate with a Knox Enabled App; more specifically, Android intents from apps outside the container are blocked. Inside a container, SE for Android policies control access between apps.

  1. You need a Knox license to use the secure Knox container.
    • Development license — While you are testing the feature, you get a Knox development license from this website. This license is good for 6 months and 10 devices.
    • Production license — When you are ready to deploy and distribute your app, you request approval to register your app as a Knox Enabled App.
  2. Your app must identify itself as being a Knox Enabled App. To do this, add a special KEA XML tag to your app's Android manifest file, and set up another XML file with additional configuration info.
  3. To distribute and deploy your app, you can use either:
    • public channels — for example, the Google Play store
    • private channels — for example, enterprise IT admins could push proprietary company apps over the air to employees through a Mobile Device Management (MDM) system
  4. A Samsung preloaded agent on the device communicates with the Samsung license server. If an installed app is a Knox Enabled App, the agent creates an invisible Knox container, pushes the app inside that container, and adds the Knox badge to the app's launcher icon to show users that it has been securely contained.
  • Data separation with a Knox container – Isolate and protect app data, so that potentially malicious apps can’t access data in unauthorized ways.
  • Data security – The Samsung Knox container is encrypted and client certificates are protected by TIMA and stored in the device hardware's protected TrustZone. Furthermore, Android intents and content providers from outside the container are blocked. Intents and content providers within a KEA container however are allowed; between different developers' apps in a container, access is controlled by SE for Android policies.
  • Minimal coding – Your app doesn't need to create the Knox container; it just needs some extra lines in its Android manifest file.
  • No MDM needed – An IT admin doesn't need to push your app into the Knox container; an agent on the device does this automatically.
  • Seamless to users – Your app users will not notice a difference in the layout and design of your app. Only a Knox badge on the app's launcher icon.
  • Reversible – If necessary, you can easily release an update that converts your app back to a regular Android app.

Version 2.6

  • Access files saved in the normal space – The Knox Enabled App can access files such as security certificates stored on the devices memory in normal space.
  • Enable prerequisite apps – Apps inside the invisible Knox container can now access prerequisite apps without limitations.
  • File sharing – End users can share data from the Knox Enabled App with apps in normal space with a Share or Share via button. This feature is implemented automatically with the 2.6 update. No additional development work is required.
  • Preservation of app data – When you upgrade a regular app to a Knox Enabled App, previous settings and app data are now preserved. If you change an app from Knox Enabled App to a regular Android app, previous settings and app data will still be deleted.
  • Multi-window support – Knox Enabled App can now run in multi-window mode on supported devices.

Next steps ...

  • Download the Public Key Extractor. Use it to get your app's package name and public key hash.
  • Sign into this website, to get licenses and register your app as a Knox Enabled App.
  • Get your Knox development license key. To get this key for a Knox Enabled App, you need to enter the package name and public key hash provided by the Public Key Extractor. This development key can only be generated once - after it expires, you can request to generate a production key.
  • Update your app. Add the Knox Enabled App metadata to your app's Android manifest file, then add an XML resource file containing additional configuration info. For details, see the Developer Guide.
  • Recompile your app and test it on a device that supports Knox Enabled App.
  • When you are ready to use your app in a production environment, click the REQUEST APPROVAL button above to register your app with us.
  • When you are ready to distribute your app, download the Marketing Package. This package contains images and other resources to provide users with more information about KEA security features.