Knox Premium SDK v2.8 provides these new features:
Advanced certificate enrollment and management — Enhances network security between an Enrollment over Secure Transport (EST) client and EST server per RFC 7030. Enterprises can use the EST protocol to initiate a Certificate Signing Request and manage credential generation and communications. In the class CMCProfile, use these new constants KEY_ENCR_FROM_SERVER, KEY_ENCR_TYPE, and extras.
For details about the v2.8 API methods, helper classes, and constants as well as details about older SDK versions, see the Release Notes.
Knox Premium SDK v2.7.1 ensures that the Premium SDK v2.7 features work on devices with Android v7.x (Nougat). No new features were introduced.
For details about the v2.7 API methods, helper classes, and constants as well as details about older SDK versions, see the Release Notes.
Knox Premium SDK v2.7 provided these new features:
For more info about all the new API methods, helper classes, and constants as well as details about older SDK versions, see the Release Notes.
Knox Premium SDK v2.6 provided these new features:
- Data Loss Prevention (DLP) — Enables IT admins to enforce tighter policies on the Knox container and its apps to restrict and prevent enterprise data loss/leakage. Using Knox DLP APIs, admins can designate (through a whitelist) apps that can create, consume, and set expiration rules for its content. The content associated with so designated apps is known as "DLP content". Note that this feature is currently supported for Knox container only.
- Domain filters — Restricts internet access to a limited number of domains per application or device wide. You can now allow/block apps from accessing domain names specified by the given URLs.
- SE Container Clipboard isolation — You can now isolate SE Container and Global clipboard. This feature controls the user’s behavior on clipboard (copy and paste) between personal space and the container.
- SE for Android Policy Delivery updates — Enables the ability to enforce or disable usage of the SE for Android Policy Delivery (SPD) update mechanism.
- Universal Credential Management — The Samsung Knox Universal Credential Management (UCM) framework manages credential-related services on a mobile device, and provides a streamlined interface to the different developers and vendors who populate a mobile device with the following:
- credential-consuming apps
- credential-managing apps
- storage space
Ultimately, the streamlined interface of UCM helps independent parties accomplish their tasks while bypassing the complexity of their peer’s custom API.
New support enhancements:
- Attestation — To enhance the integrity of attestation, in addition to the nonce mechanism provided, MDMs wish to collect the measured and verified APK binary and have this result attached to the blob. This enables the ISV to know exactly which application made the call and collected the information.
- Audit log — You can now get the object to access the AuditLogPolicy object for the Knox container.
- Container enhancements — Some Android permissions could be used to interact across user boundaries, including across the Knox container boundary. This feature enables us to prevent this interaction for all but the necessary system apps. It also protects system app data files with SE for Android.
- Google Play™ for Work in Container — Android™ for Work offers Google Play for Work as mechanism to deploy work applications to managed profiles. IT admin can navigate to the Google Play Store admin console and silently deploy apps on the target employee devices.
- SEAMS Container Clipboard protection — The Knox platform supports various types of app "containers" that isolate and protect the data and interfaces for a set of apps. The three main categories of containers are: Knox Workspace, SEAMS containers, and Knox Enabled App (KEA). The feature outlined in this document enables MDM-control of clipboard protections for SEAMS containers. SEAMS containers are a type of generic container that can be created on the fly through our MDM APIs to isolate apps without the heavy UX and lockscreen requirements of the Knox Workspace. The clipboard protections allow device administrators to specify whether or not the data copied into the clipboard by SEAMS container apps should be accessible by apps outside of the container.
- Trust Anchor Management — Trust anchor is a trusted CA (Certification Authority) root certificate that is typically used by apps (such as browser, email) to validate a server certificate (say during SSL/TLS connection establishment) and for app-specific operations, such as secure email using S/MIME, verification of digitally signed documents. Starting with Knox SDK 2.6, Knox devices support trust anchors. Knox devices have Trusted Credentials store per user scope that maintains a list of trust anchors that are trusted by platform/container. Trust anchors provide the basis on which apps can trust a digital certificate they receive. If trust anchors can be changed/poisoned by unauthorized entities (such as unauthorized users/apps) it can lead to apps trusting the wrong entity (for example, the wrong server/website) which can further lead to issues such as leakage of information or credentials (username/password) to the wrong entities. This feature provides an effective solution to control certificates, enable certificate installation validation, user certificate removal, and certificate failure notification for the container without affecting other users.
- Data Loss Protection Policy group
- Knox Container Management Policy group
Get policy instance:
- Knox Container Remote Content Provider Policy group
For more info about the new features, support enhancements, policies, API methods, helper classes, and constants, see the Release Notes.