Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,811,290 Members 46,469 Now Online
XDA Developers Android and Mobile Development Forum

Everything KNOX...

Tip us?
 
lawalty
Old
#1  
lawalty's Avatar
Senior Member - OP
Thanks Meter 116
Posts: 909
Join Date: May 2008
Default Everything KNOX...

FYI: Please don't get offended by me posting this thread. I searched and couldn't find anything dedicated to KNOX and discussions about it. So I created a thread where we can hammer out our ideas, and logic.

Firstly, here is a little video explaining what Samsung KNOX is:



My "cliff note" explanation of what KNOX is:

A virtual environment, on your phone, where running "un-approved" applications, will not affect the KNOX environment. In other words, it's like running a program like Virtual Box for your Note 3, and only pre-approved "limited" apps can run in this environment. In the video, it says how taking a picture, can be emailed and shared, yet outside of KNOX, you can't access this picture.

https://www.samsungknox.com/

KNOX has been in development for quite some time. What I have found out, it's like Fort Knox (get the pun?). Fort Knox is known to be impenetrable (http://ainulfarina.blogspot.com/2013/01/fort-knox-most-secure-vault-in-world.html). Samsung has partnered with various software and hardware companies to develop a platform for the infrastructure of business, with security in mind. We're talking about security on the hardware level. To market this, to tap into the business/enterprise world, using the Note 3 as the preferred paperless, go to device. To achieve this, they need sell the idea that security is king. However, they don't want to exclude the rest of the market of the common everyday individual. That's why Samsung tag line is "Work and play on one device".

This KNOX environment needs to be installed and set up. The desired list of apps would need to be pre-approved for your devise as part of the set-up process. I'm sure this is on an organizational level.

Peace be with you!

Phone: AT&T Samsung Galaxy Note 3
Tablet: Samsung Galaxy Note Pro 12.2
Watch: FitBIt Force
The Following 5 Users Say Thank You to lawalty For This Useful Post: [ Click to Expand ]
 
noc007
Old
#2  
Member
Thanks Meter 6
Posts: 44
Join Date: Sep 2010
I have a couple of questions on KNOX which I hope the answer is Yes to both:
Will it work if the phone is un-rooted, but had been previously rooted?
Will it prevent MDM applications from reading personal stuff like installed text messages and other stuff outside of KNOX on the phone?


There are a few things that I'd like to do which requires root to do. A couple of examples, among many, are removing bloatware that can't be disabled and BT pairing a PS3 controller.

My employer has selected MobileIron for their MDM due to the head of Security having some relative there (nepotism) when there were plans to use and sell as a SaaS solution the less intrusive AirWatch. Interest in MobileIron by our customers is much lower than AirWatch since it doesn't fit into the SaaS model like our other services.

The big problem with MobileIron from an end user perspective is how intrusive it is. It logs everything and sends that info to the management server; this includes text messages. On company issued equipment, no privacy is to be expected however, that privacy is expected on my personal stuff. I'm told MobileIron has the capability to go through the phones storage and download anything.

I'll consider leveraging KNOX if those two questions have "Yes" as an answer. Frankly, my employer is being unreasonable with their mobile requirements (long story) and the head of Security maintains his ass as his hat with more power than he should because of his relationship with a VP or the CEO. I have been using an alternate method to the silliness of walking around with two phones that facilitates their electronic checks; I just don't advocate the solution.
The Following User Says Thank You to noc007 For This Useful Post: [ Click to Expand ]
 
lawalty
Old
#3  
lawalty's Avatar
Senior Member - OP
Thanks Meter 116
Posts: 909
Join Date: May 2008
Quote:
Originally Posted by noc007 View Post
I have a couple of questions on KNOX which I hope the answer is Yes to both:
Will it work if the phone is un-rooted, but had been previously rooted?
Will it prevent MDM applications from reading personal stuff like installed text messages and other stuff outside of KNOX on the phone?
I have many friends who have rooted their phones, but none that I know use the KNOX environment. Even using the Note 2 for a full year, this is the first time i've heard of KNOX when exploring my Note 3.

I also want to know if triggering the KNOX flag, can that environment still be accessed, or even installed?

I can only assume the answer would be "yes" to your second questions, since it's a separate environment altogether. I understand that anything done outside KNOX mode is excluded from effecting it, however wouldn't it be the same from within?

To answer your first question, we would need someone who rooted their phone, and simply select KNOX from the app drawer, go through the install process and find out.

Peace be with you!

Phone: AT&T Samsung Galaxy Note 3
Tablet: Samsung Galaxy Note Pro 12.2
Watch: FitBIt Force
 
nygmam
Old
#4  
nygmam's Avatar
Senior Member
Thanks Meter 178
Posts: 799
Join Date: Oct 2007
Location: New York, NY
While I haven't chosen to activate or use Knox, I believe you are limited to installing apps from the Knox store. You can see the apps available on the store at the Knox Website.

Not only will Knox basically run all apps in a sandbox, it will only run Knox approved apps, further locking down the possibility of something bad being installed. You can't even take a screen shot in the Knox environment. Think of it as a locked down virtual box on your phone, that separates your work life from your private, and protects the work related data.

[Phone: T-Mobile Note 3]
[ROM: Rooted KK Stock 4.4.2][knox: 0x0]

Wife: Samsung Galaxy S4- Stock

_____

[For Sale]:HTC HD2 - TMOUS
[ROM:Pixeldroid JB 4.2.2 V6]
[R:2.15.50.14][SPL:HardSPL2-1024 2.08]
_____

Twins Tablet x2: Samsung Galaxy Tab 10.1 - Stock Rom - Rooted


Samsung Smartview Dual View TV app - Works on S2, S3 maybe more
<<User name should be NYGMan, been meeing to change it for some time, but now it's too late>>
 
wing_addict_usa
Old
#5  
wing_addict_usa's Avatar
Senior Member
Thanks Meter 14
Posts: 249
Join Date: Jul 2008
selinux
 
siraltus
Old
#6  
Senior Member
Thanks Meter 375
Posts: 885
Join Date: Jan 2010
Quote:
Originally Posted by lawalty View Post

I also want to know if triggering the KNOX flag, can that environment still be accessed, or even installed?
Once the KNOX WARRANTY VOID bootloader flag is set to 0x1, the phone is considered compromised and the KNOX secure container cannot be created. In other words, once you root, the KNOX sandbox will never function again.

The flag is there for exactly this purpose - to disallow compromised devices from accessing secure apps and systems that require sandboxing; the fact Samsung also started using it to deny warranty claims is a side effect caused by their greed.
The Following 4 Users Say Thank You to siraltus For This Useful Post: [ Click to Expand ]
 
Steve Lazarus
Old
(Last edited by Steve Lazarus; 12th October 2013 at 01:06 AM.)
#7  
Steve Lazarus's Avatar
Senior Member
Thanks Meter 474
Posts: 747
Join Date: May 2013
Location: Syracuse, NY
Quote:
Originally Posted by siraltus View Post
Once the KNOX WARRANTY VOID bootloader flag is set to 0x1, the phone is considered compromised and the KNOX secure container cannot be created. In other words, once you root, the KNOX sandbox will never function again.

The flag is there for exactly this purpose - to disallow compromised devices from accessing secure apps and systems that require sandboxing; the fact Samsung also started using it to deny warranty claims is a side effect caused by their greed.
I really think Samsung should of had a business line of Note 3 devices, as compared to every phone having the Knox "container", I think it's a contributing Factor to the bootloop issues that are widespread and creating more headaches than it's worth.

There's going to be a very small population of users that will actually consider even using Knox, yet as stated, is creating major issues in the Note 3 community.

Sent from my SM-N900T using XDA Premium 4 mobile app
 
lawalty
Old
#8  
lawalty's Avatar
Senior Member - OP
Thanks Meter 116
Posts: 909
Join Date: May 2008
What was Samsung thinking of putting KNOX on the Note 3s with unlocked bootloaders? If simply rooting the phone triggers the KNOX flag, permanently flagging the phone for any future dealings with this secure mode for businesses, wouldn't it be simpler to only have the flag if rooted?

So if your phone is not rooted, then you can install KNOX. If you phone currently is rooted, then no KNOX.

My fear is that other companies, that don't like people rooting the phones where their apps are installed on, might hop on this, and consider this as a solution.

Sent from my SM-N900T using XDA Premium 4 mobile app

Peace be with you!

Phone: AT&T Samsung Galaxy Note 3
Tablet: Samsung Galaxy Note Pro 12.2
Watch: FitBIt Force
 
wing_addict_usa
Old
#9  
wing_addict_usa's Avatar
Senior Member
Thanks Meter 14
Posts: 249
Join Date: Jul 2008
knox flag is the same thing as the note ii warranty flag. wtf do they call it knox

anyway its bs i cant use knox if im rooted
 
muqali
Old
#10  
muqali's Avatar
Senior Member
Thanks Meter 95
Posts: 620
Join Date: Nov 2007
Location: Unfortunately, Mexico
Quote:
Originally Posted by siraltus View Post
Once the KNOX WARRANTY VOID bootloader flag is set to 0x1, the phone is considered compromised and the KNOX secure container cannot be create.... the fact Samsung also started using it to deny warranty claims is a side effect caused by their greed.
Just open the phone, use some fine wires to pump enough voltage and current into it to fry some stuff. Make it look like a charger or battery issue. Warranty still "valid". They want to screw us, we can screw back.
Android FOSS Repository - http://f-droid.org/

The Following 12 Users Say Thank You to muqali For This Useful Post: [ Click to Expand ]
Tags
business, enterprise, flag, knox
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes