Everything KNOX...

By lawalty, Senior Member on 10th October 2013, 08:33 PM
FYI: Please don't get offended by me posting this thread. I searched and couldn't find anything dedicated to KNOX and discussions about it. So I created a thread where we can hammer out our ideas, and logic.

Firstly, here is a little video explaining what Samsung KNOX is:



My "cliff note" explanation of what KNOX is:

A virtual environment, on your phone, where running "un-approved" applications, will not affect the KNOX environment. In other words, it's like running a program like Virtual Box for your Note 3, and only pre-approved "limited" apps can run in this environment. In the video, it says how taking a picture, can be emailed and shared, yet outside of KNOX, you can't access this picture.

https://www.samsungknox.com/

KNOX has been in development for quite some time. What I have found out, it's like Fort Knox (get the pun?). Fort Knox is known to be impenetrable (http://ainulfarina.blogspot.com/2013/01/fort-knox-most-secure-vault-in-world.html). Samsung has partnered with various software and hardware companies to develop a platform for the infrastructure of business, with security in mind. We're talking about security on the hardware level. To market this, to tap into the business/enterprise world, using the Note 3 as the preferred paperless, go-to device. To achieve this, they need to sell the idea that security is king. However, they don't want to exclude the rest of the market of the common everyday individual. That's why Samsung's tag line is "Work and play on one device".

This KNOX environment needs to be installed and set up. The desired list of apps would need to be pre-approved for your device as part of the set-up process. I'm sure this is on an organizational level.
10th October 2013, 09:19 PM |#2  
Member
I have a couple of questions on KNOX which I hope the answer is Yes to both:
Will it work if the phone is un-rooted, but had been previously rooted?
Will it prevent MDM applications from reading personal stuff like installed text messages and other stuff outside of KNOX on the phone?


There are a few things that I'd like to do which require root. A couple of examples, among many, are removing bloatware that can't be disabled and BT pairing a PS3 controller.

My employer has selected MobileIron for their MDM due to the head of Security having some relative there (nepotism) when there were plans to use and sell as a SaaS solution the less intrusive AirWatch. Interest in MobileIron by our customers is much lower than AirWatch since it doesn't fit into the SaaS model like our other services.

The big problem with MobileIron from an end user perspective is how intrusive it is. It logs everything and sends that info to the management server; this includes text messages. On company issued equipment, no privacy is to be expected; however, that privacy is expected on my personal stuff. I'm told MobileIron has the capability to go through the phone's storage and download anything.

I'll consider leveraging KNOX if those two questions have "Yes" as an answer. Frankly, my employer is being unreasonable with their mobile requirements (long story) and the head of Security maintains his ass as his hat with more power than he should because of his relationship with a VP or the CEO. I have been using an alternate method to the silliness of walking around with two phones that facilitates their electronic checks; I just don't advocate the solution.
The Following User Says Thank You to noc007 For This Useful Post: [ View ]
10th October 2013, 09:45 PM |#3  
lawalty, OP Senior Member
Quote:
Originally Posted by noc007

I have a couple of questions on KNOX which I hope the answer is Yes to both:
Will it work if the phone is un-rooted, but had been previously rooted?
Will it prevent MDM applications from reading personal stuff like installed text messages and other stuff outside of KNOX on the phone?

I have many friends who have rooted their phones, but none that I know use the KNOX environment. Even using the Note 2 for a full year, this is the first time I've heard of KNOX when exploring my Note 3.

I also want to know if triggering the KNOX flag, can that environment still be accessed, or even installed?

I can only assume the answer would be "yes" to your second question, since it's a separate environment altogether. I understand that anything done outside KNOX mode is excluded from affecting it, however wouldn't it be the same from within?

To answer your first question, we would need someone who rooted their phone, and simply select KNOX from the app drawer, go through the install process and find out.
11th October 2013, 12:35 AM |#4  
nygmam, Senior Member (New York, NY)
While I haven't chosen to activate or use Knox, I believe you are limited to installing apps from the Knox store. You can see the apps available on the store at the Knox Website.

Not only will Knox basically run all apps in a sandbox, it will only run Knox approved apps, further locking down the possibility of something bad being installed. You can't even take a screen shot in the Knox environment. Think of it as a locked down virtual box on your phone, that separates your work life from your private, and protects the work related data.
11th October 2013, 04:53 AM |#5  
wing_addict_usa, Senior Member
selinux
11th October 2013, 09:33 PM |#6  
Senior Member
Quote:
Originally Posted by lawalty


I also want to know if triggering the KNOX flag, can that environment still be accessed, or even installed?

Once the KNOX WARRANTY VOID bootloader flag is set to 0x1, the phone is considered compromised and the KNOX secure container cannot be created. In other words, once you root, the KNOX sandbox will never function again.

The flag is there for exactly this purpose - to disallow compromised devices from accessing secure apps and systems that require sandboxing; the fact Samsung also started using it to deny warranty claims is a side effect caused by their greed.
The Following 5 Users Say Thank You to siraltus For This Useful Post: [ View ]
12th October 2013, 01:00 AM |#7  
Steve Lazarus, Senior Member (Syracuse, NY)
Quote:
Originally Posted by siraltus

Once the KNOX WARRANTY VOID bootloader flag is set to 0x1, the phone is considered compromised and the KNOX secure container cannot be created. In other words, once you root, the KNOX sandbox will never function again.

The flag is there for exactly this purpose - to disallow compromised devices from accessing secure apps and systems that require sandboxing; the fact Samsung also started using it to deny warranty claims is a side effect caused by their greed.

I really think Samsung should have had a business line of Note 3 devices, as compared to every phone having the Knox "container". I think it's a contributing factor to the bootloop issues that are widespread and creating more headaches than it's worth.

There's going to be a very small population of users that will actually consider even using Knox, yet as stated, is creating major issues in the Note 3 community.

Sent from my SM-N900T using XDA Premium 4 mobile app
Last edited by Steve Lazarus; 12th October 2013 at 01:06 AM.
12th October 2013, 02:15 AM |#8  
lawalty, OP Senior Member
What was Samsung thinking of putting KNOX on the Note 3s with unlocked bootloaders? If simply rooting the phone triggers the KNOX flag, permanently flagging the phone for any future dealings with this secure mode for businesses, wouldn't it be simpler to only have the flag if rooted?

So if your phone is not rooted, then you can install KNOX. If your phone currently is rooted, then no KNOX.

My fear is that other companies, that don't like people rooting the phones where their apps are installed on, might hop on this, and consider this as a solution.

Sent from my SM-N900T using XDA Premium 4 mobile app
12th October 2013, 06:15 AM |#9  
wing_addict_usa, Senior Member
knox flag is the same thing as the note ii warranty flag. wtf do they call it knox

anyway it's bs i can't use knox if i'm rooted
12th October 2013, 06:33 AM |#10  
muqali, Senior Member (Unfortunately, Mexico)
Quote:
Originally Posted by siraltus

Once the KNOX WARRANTY VOID bootloader flag is set to 0x1, the phone is considered compromised and the KNOX secure container cannot be create.... the fact Samsung also started using it to deny warranty claims is a side effect caused by their greed.

Just open the phone, use some fine wires to pump enough voltage and current into it to fry some stuff. Make it look like a charger or battery issue. Warranty still "valid". They want to screw us, we can screw back.