Informative message

The Knox namespaces are changing

In July 2019, we are phasing out the old Knox namespaces to align with current Android conventions.
To do this, you will need to migrate to the Knox SDK. For more information on how to update your app(s), read our migration guide.


With the Samsung Knox Standard SDK, you have access to a comprehensive collection of Mobile Device Management (MDM) features. Through over 1100 API methods, you can manage many aspects of Samsung devices, from hardware components to Android settings to user accounts to apps. You can use this SDK to fully control enterprise devices to meet the strictest company policies.

This Android version of the Standard SDK requires that you develop a Java app that runs on the device. For faster deployment, you can also use the Knox Cloud SDK, which simply uses JavaScript code on a web server.

The Knox Standard SDK has been consolidated into the Knox SDK and we recommend you use the Knox SDK instead. See also: Knox product version mapping

Already a partner?  Sign in

How it works

You develop a Java app for Samsung devices running the Android platform. Through the Knox Standard SDK, your app can call over 1100 API methods to control all aspects of Samsung devices.

Your app can take commands over-the-air from a web-based MDM console, which enterprise IT admins can use to control corporate BYOD and COPE devices. This MDM console can be connected to an on-premise or cloud-based MDM server.

For more info about the SDK architecture and its components, see the Developer Guide.

The Knox Standard SDK provides hundreds of API methods that let your app control these device features:

  • Hardware — You can enable and disable the device cameras, Bluetooth, Wi-Fi, and USB connections.
  • Firmware — You can enable and disable firmware recovery, automatic updates, and OTA updates.
  • Apps — You can install or uninstall apps; enable or disable pre-installed apps like the Play Store; start or stop apps; blacklist or whitelist apps.
  • Phone — You can enable and disable SMS and MMS; limit the number of calls and SMS; and disable data roaming and tethering.
  • Email — You can configure Exchange ActiveSync, IMAP and POP3 email accounts.
  • Connectivity — You can control the settings for Wi-Fi, Access Point Name (APN), Web proxy, and Android VPN.
  • Security — You can define password rules, encrypt data on the device, install certificates, configure firewall settings, and use Cisco AnyConnect.
  • SSO — You can set up the generic SSO framework, and assign apps to Identity Providers (IdP) like Active Directory.
  • Data backup — You can manage Google backups, and enable mobile-to-PC syncing via Samsung Kies.
  • Expenses — You can get cost-related information like call and SMS usage levels and call duration times.
  • Inventory — You can get device information such as total memory usage, installed apps, and firmware version.
  • Kiosk mode — You can customize a device for a kiosk, by providing access to only one or a few apps and restricting access to the underlying Android system.
  • Location services — You can enable GPS, enforce territorial boundaries, and wipe a lost or stolen device to remove confidential data.
  • Help desk — You can send screen captures of devices and enable remote control of devices.

For more detail about all the available API features, see the API Reference.

Version 5.9

Knox Standard SDK v5.9 provides these new features:

For more info, see the Release Notes.


Version 5.8

  • Power Saving Mode — You can now allow or disallow a device from entering power saving mode. Enterprises can allow power saving mode to extend battery life, or disallow power saving to optimize performance. For example, in power saving mode, an MDM or EMM agent does not run as well and cannot receive policy updates from the IT admin server. Use the new API methods: RestrictionPolicy.allowPowerSavingMode, RestrictionPolicy.isPowerSavingModeAllowed.
  • SMS/MMS Disclaimer — You can now add a disclaimer to the end of every SMS or MMS message sent by an employee. This disclaimer is limited to 30 characters and can be either plain text or a URL. The native messaging apps that are pre-installed on Samsung devices automatically link URLs to their web pages.
    This feature is designed for regulated industries like banking, which need to attach a disclaimer to every SMS or MMS sent by their regulated employees, in order to comply with industry standards. Typically, the disclaimer links to a web page providing the full text of an organization’s legal disclaimer. Use the new API methods: PhoneRestrictionPolicy.setDisclaimerText, PhoneRestrictionPolicy.getDisclaimerText.
  • Certificate delegation — You can give third-party apps the ability to install/list/remove certificates to/in/from the Android TrustStore. The use cases are:
    • Allow an app that is inside or outside the Knox container to create a KeyPair/CSR that is compatible with DoD certificates.
    • Provide a delegated solution to install a CA/TA without directly depending on an EMM to install it.
    • Initiate a certificate enrollment process within the Knox container without being the owner of the container. Similarly, outside the Knox container, the solution may be provisioned by another MDM, like inside Knox.

Use the API methods: SecurityPolicy.addPackagesToCertificateWhiteList, SecurityPolicy.getPackagesFromCertificateWhiteList, SecurityPolicy.removePackagesFromCertificateWhiteList.

  • Enterprise Billing on Dual SIM devices — Previously, the SIM1 card was used for enterprise billing by default. With this enhancement, you can now use the SIM2 card for enterprise billing. This enhancement introduces a new API to get an instance of the PhoneRestrictionPolicy class that accepts a SimCard iccId to select a SIM card. Use the API method: PhoneRestrictionPolicy.getPhoneRestrictionPolicy.

For more info about all the new API methods, helper classes, and constants as well as details about older SDK versions, see the Release Notes.


Version 5.7.1

Knox Standard SDK v5.7.1 provides these new features:

  • Data Saver — When turned on, this feature restricts background data usage by applications, which may prevent them from working properly. Use the new API method RestrictionPolicy.allowDataSaving.
  • Enterprise Firmware-Over-The-Air (FOTA) — This feature selects the highest firmware version allowed on devices. Use the API method RestrictionPolicy.setAllowedFOTAVersion.

For more info about all the new API methods, helper classes, and constants as well as details about older SDK versions, see the Release Notes.


Version 5.7

Knox Standard SDK v5.7 provided these new features:

  • Application Restrictions — You can now configure or restrict specific application settings, using the new API method ApplicationPolicy.setApplicationRestrictions. This is simply a wrapper that lets you use the Android API method DevicePolicyManager.setApplicationRestrictions, without your app needing to be a device administrator.
  • Battery Optimizations — You can now save battery life by adding or removing apps to or from the device’s battery optimization modes: Android Doze, app standby, and power saving mode. Use the new API method ApplicationPolicy.addPackageToBatteryOptimizationWhiteList.
  • Enhanced Licensing Security — When you activate your Enterprise (ELM) license using the API method EnterpriseLicenseManager.activateLicense, the Knox platform now:
    • ensures that your app signature is valid
    • does an Attestation check to ensure that the device is not compromised
  • Selective FOTA — If you support Firmware Over The Air (FOTA) updates, you can now set the highest firmware version allowed on a device, to prevent users from agreeing to update to versions that are not yet supported by the enterprise. Use the new API method RestrictionPolicy.setAllowedFOTAVersion.

For more info about all the new API methods, helper classes, and constants as well as details about older SDK versions, see the Release Notes.


Version 5.6

Knox Standard SDK v5.6 provided these new features:

  • Android M permissions — Google's Android Marshmallow (M) OS changes the permission model for apps. Apps are now required to prompt end-users for permissions at runtime instead of during installation. This new permission model allows users to modify the permissions granted by IT admins. Knox 5.6 provides the following capabilities to implement this feature:
    • Device displays prompt to grant users permissions at run-time
    • IT Admins can programmatically pre-grant or revoke dangerous app permissions
    • Disables user option to uncheck permissions

Note that the programmatic changes are applicable at both the device level and the Knox container level. For details, see ApplicationPolicy.applyRuntimePermissions(), ApplicationPolicy.getRuntimePermissions(), and ApplicationPolicy.setAfWProxy().

  • Domain filter — Restricts internet access to a limited number of domains per application or device wide. You can now allow/block apps from accessing domain names specified by the given URLs. For details, see Firewall.addDomainFilterRules(), Firewall.removeDomainFilterRules(), Firewall.getDomainFilterRules(), Firewall.enableDomainFilterReport(), Firewall.isDomainFilterReportEnabled(), Firewall.getDomainFilterReport(), FirewallResponse.getErrorCode().
  • Google Play™ for Work (enable) — Allow Play for Work to manage apps on behalf of the enterprise. Note: This feature is currently supported for the Knox container only.
  • SE for Android Policy Delivery (SPD) updates — Enables the ability of an enterprise to enforce or disable usage of the SPD update mechanism. For details, see EnterpriseDeviceManager.getSPDControlPolicy().
  • Wearable Policy — You can enforce Application and Restriction Policies on phone to wearable devices. For details, see RestrictionPolicy.enableWearablePolicy() and RestrictionPolicy.isWearablePolicyEnabled().
  • Exchange Account Management — You can force a certificate from the Universal Credential Manager (UCM). For details, see ExchangeAccountPolicy.setForceSMIMECertificateAlias()

New support enhancements:

  • Device assistance for Default Application — You can now set default device assistance activity and service to provide integrated assistance to open other apps and enter text using voice inputs.
  • Edge screen — From now on only EDGE_FUNCTION_ALL can be passed as a parameter; any other combination of flags will return false.
  • Firewall — You can now apply IPv6 rules when designing your firewall set of rules. IPv6 is supported for ALLOW and DENY rules. Provides APIs to configure firewall rules on device, providing the ability to implement security policies.
  • Security Policy — You can now get the list of system pre-loaded certificates for a specific user. For details, see SPDControlPolicy.setAutoSecurityPolicyUpdateMode() and SPDControlPolicy.getAutoSecurityPolicyUpdateMode().

For more info about all the new API methods, helper classes, and constants as well as details about older SDK versions, see the Release Notes.

Next steps ...

  • Instead of using legacy keys and the Knox Standard SDK, we recommend migrating your app to the Knox SDK and using its development license key.
  • Review the Tutorial. This shows how to create your first app, in this case, a simple app that sets a security policy on a device to disable and enable the camera.
  • Get the Sample Apps. These include all the source code files required to compile the apps.
  • Browse the API Reference. This describes over 1100 API methods, grouped by package and class.
  • Read the Developer Guide. This provides many sample code fragments showing how to set a variety of other policies on a device.

Later, when you start coding and have questions, check the FAQs and Developer Forum for support.