Knox improvements have a dark side...

[BarryH_GEG]

Apparently Samsung's getting ready to roll-out the announced N3 Knox improvements (consumer use vs. corporate device management) to the SGS4. One of the new Knox features allows device owners to prevent the wiping of the device in the event it's stolen. That's pretty cool. But apparently there are some pretty big security and permission changes that are being put in place to make it work based on a 9/4 SGS4 update Samsung pushed out. These are the changes from Chainfire the creator of SuperSU and Triangle Away.

• SELinux enabled and set to "restrictive"
  
  
• A more secure bootloader
  
  
• A new warranty status indicator inside the bootloader
  
  
• Inability to downgrade once the new bootloader's installed

What does it mean? The N3's locked down pretty tight and not at a carrier's direction. It's too early to say what the long-term impact will be but the devs are working on getting the flexibility that's gone back.

Follow this thread for more info...

http://forum.xda-developers.com/showthread.php?t=2432100

Here's Chainfire's post on G+...

https://plus.google.com/u/0/+Chainfire/posts/5ggu7naWtaW#+Chainfire/posts/5ggu7naWtaW

 

[sewe]

Yeah,Knox security and locked bootloader is probably going to be a major headache.

Hope there is a permanent solution for this, time will tell

GT-N7105 via Tapatalk 2

 

[Devans32]

I hope someone is going to figure it out. Im stuck with Verizon so if i buy it i don't have the option to buy it unlocked. But I'm not going to knowingly buy a locked device and then whine and complain about not being able to unlock it. Not being unlocked could be a deal breaker for me.

Sent from my XT926 using Tapatalk 4

 

[daraj]

If thats true, then its a big blow to the dev community

 

[joverclock]

i already preordered mine out of contract. This is really something that concerns me. Coming from the note 1 I really only care about the screen size/ quality/ camera/ and snapdragon 800. i got 15 days to return and this might be the reason why. I find flashing to be fun.(phones and self=) 21 days of pondering after being pretty dam sure on next phone.

 

[CLARiiON]

Is Knox included by default for all N3? or is it just for business customers?

 

[xaelith]

Is Knox included by default for all N3? or is it just for business customers?

I don't know for sure if Samsung has said one way or the other, but from a production standpoint, it would be easier to include it on all phones.

My main concern is that with a locked bootloader, adding a custom recovery is much more difficult. I prefer being able to create my own phone backups and use them as-needed. Android's stock recovery hasn't changed since at least the OG Droid, and therefore lacks this ability. Otherwise, my personal reasons for wanting to flash have significantly reduced since my first Android device.

 

[DCLocal]

Not being unlocked could be a deal breaker for me. Sent from my XT926 using Tapatalk 4

If thats true, then its a big blow to the dev community

This is really something that concerns me. I find flashing to be fun.

This is indeed a concern and could be a deal breaker for me too. As joverclock said, I too really enjoy tinkering with my phone and have missed the active development activities with my EVO 4G LTE that I enjoyed with the original EVO.

 

[abe_cedar]

Dev Edition?

This is indeed a concern and could be a deal breaker for me too. As joverclock said, I too really enjoy tinkering with my phone and have missed the active development activities with my EVO 4G LTE that I enjoyed with the original EVO.

Them ( CFO Shamwow VZW) selling phones at retail price locked is a joke. Full price I want to do whatever with the phone. vzw s4 seems pretty well locked on the MDK (latest) revision without the possib to odin downgrade.
Any rumors of a dev version ( unlocked bootloader ) in similar way with this?
Not unlocked no note 3 for me. I have preordered i605-note 2 and Adam Outler unlocked it in 7 days ( including ordering the phone). maybe he can help again.


Many thanks
Abe

 

[Bataga]

Is Knox included by default for all N3? or is it just for business customers?

It's on my att S4

Sent from my GT-I9505 using XDA Premium 4 mobile app

 

[BarryH_GEG]

Is Knox included by default for all N3? or is it just for business customers?

Samsung KNOX & Find My Mobile

The new GALAXY Note 3 comes with enhanced privacy and security protection provided by Samsung KNOX. Users can activate Samsung KNOX with ease which allows them to run and store security-sensitive applications and data inside a protected execution environment called “container.” The security inside the container is strengthened by system-level protection of Samsung KNOX against malware and phishing attacks as well as hacking attempts on physical devices when devices are stolen or lost. For instance, important personal pictures or video can be stored in the container with no worries for data leakage due to hacking. In addition, users may choose to store enterprise applications and data such as corporate email, contacts and calendar and allow the IT department to manage the container through EAS (Exchange ActiveSync Server). These features make the GALAXY Note 3 an ideal device for BYOD (Bring-Your-Own-Device to work)

Furthermore, the GALAXY Note 3 is equipped with an improved Find My Mobile feature that allows users to disable the phone when it is stolen or lost. With the enhanced user authentication, the technology prevents stolen mobile phones from being reset to factory settings, and allows users to remotely track or erase the data from their lost or stolen mobile phones.​

A user doesn't have to activate it but the hooks it needs and control over the bootloader it requires will be on every N3. The same hooks and bootloader changes were just pushed out to the SGS4 which is what has their forum up in arms. I'm guessing Knox was inert on consumer SGS4's originally because it required corporate device management s/w to enable it. Now that it's being aimed at consumers it's going to be on all Samsung's devices that can support it. The devs on the SGS4 forum are still trying to understand what the changes mean and how to work around them. It broke all Chainfire's apps (One Click Root, SuperSU, Triangle Away, Mobile Odin) so he's especially keen at addressing Knox's new "features."

 

[jetjock]

Samsung had a big presence here at the Atlanta Airwatch Connect conference. They mention the new Knox capable hardware "burns in on hardware" when it is rooted and cannot be undone.

I'm not enough of a techie to ask them more specifics about how they accomplish this. But thought I would pass it on here so someone smarter than I can valid this claim.

I might just cancel my preorder if this is true.

Sent from my SAMSUNG-SGH-I317 using xda app-developers app

 

[joverclock]

Samsung had a big presence here at the Atlanta Airwatch Connect conference. They mention the new Knox capable hardware "burns in on hardware" when it is rooted and cannot be undone.

I'm not enough of a techie to ask them more specifics about how they accomplish this. But thought I would pass it on here so someone smarter than I can valid this claim.

I might just cancel my preorder if this is true.

Sent from my SAMSUNG-SGH-I317 using xda app-developers app

Yes if this is true I will be getting back form 739 from best buy and giving it to someone else.

 

[force70]

We have been lucky with the s4 here in canada..non locked bootloader. The last at&t ota locked theirs down and they have root but thats all.now it seems the international devices are being locked down also.

I hope the CAN version of the N3 continues the no lock trend but I kind of doubt it. I planned or pre ordering but I think ill wait and see first.

I refuse to spend $800 on a device and not be able to do what I want with it.

sent from my S3, S4 or Note2

 

[@rbiter]

Samsung is gonna be hurting if they shy away the regular Joe consumer to try and get enterprise customers. I would think consumers outnumber enterprise people but even if not true, Samsung won't get all thebeneterprise with apple, Microsoft and blackberry in the running also. I am hoping for an unlocked USA LTE band compatible with unlocked bootloader. My next phone needs to hold me until 64bit chips makebwaves on android and I think the note3 can do that in the meantime. The note2 probably could but I am smartphone techno nerd and the note 2 will be ancient history to me if I owned it more than 15 months.

 

[Obagleyfreer]

Just thought I'd let you all know:

I have the new MH8 firmware on my S4 that has the new locked bootloader and Knox security.

I had no trouble rooting it, installing CWM Recovery and flashing CM10.2. All works fine.

The downside is that once you're on this new bootloader you cannot downgrade stock firmware using Odin.
That's the only limitation I've come across.
I can still flash any custom ROM, any custom Kernel and any custom recovery

 

[BarryH_GEG]

Samsung is gonna be hurting if they shy away the regular Joe consumer to try and get enterprise customers. I would think consumers outnumber enterprise people but even if not true, Samsung won't get all thebeneterprise with apple, Microsoft and blackberry in the running also. I am hoping for an unlocked USA LTE band compatible with unlocked bootloader. My next phone needs to hold me until 64bit chips makebwaves on android and I think the note3 can do that in the meantime. The note2 probably could but I am smartphone techno nerd and the note 2 will be ancient history to me if I owned it more than 15 months.

XDA looks at Knox's impact to customization and shivers. The masses look at it as a safe and unique place to store their porn and a way of increasing the chances of getting their lost/stolen device back. We're 5% of the market and the masses are 95%. Samsung losing 5% of their sales is about equal to all the devices HTC will sell in 2013. We're opinion leaders and early adopters but we're not indispensable.

P.S. - I'm not agreeing with what Samsung's doing so please don't shoot the messenger.

 

[Arsaw]

XDA looks at Knox's impact to customization and shivers. The masses look at it as a safe and unique place to store their porn and a way of increasing the chances of getting their lost/stolen device back. We're 5% of the market and the masses are 95%. Samsung losing 5% of their sales is about equal to all the devices HTC will sell in 2013. We're opinion leaders and early adopters but we're not indispensable.

P.S. - I'm not agreeing with what Samsung's doing so please don't shoot the messenger.

I'm sure the 5% are capable to influence another 30% of the masses not to buy Note 3

Sent from my GT-I9300 using Tapatalk 2

 

[markysd]

when will we know its locked? how long does it take for hackers/devs to find out that it can be unlocked..?

still not sure if i should pull the trigger for the pre order.. im assuming its a 50/50 chance because if i get it now and it can be unlocked and later they update it and it ships with that new update ill be bum and locked out on the fun

i need my root.. dont like ads/crapware

 

[IamPro]

when will we know its locked? how long does it take for hackers/devs to find out that it can be unlocked..?

still not sure if i should pull the trigger for the pre order.. im assuming its a 50/50 chance because if i get it now and it can be unlocked and later they update it and it ships with that new update ill be bum and locked out on the fun

i need my root.. dont like ads/crapware

I just realized how much I use Root lol, def gonna need that at a min if I want to switch