Knox improvements have a dark side...

Search This thread

BarryH_GEG

Senior Member
Jan 16, 2009
10,198
5,143
Spokane, Washington
Apparently Samsung's getting ready to roll-out the announced N3 Knox improvements (consumer use vs. corporate device management) to the SGS4. One of the new Knox features allows device owners to prevent the wiping of the device in the event it's stolen. That's pretty cool. But apparently there are some pretty big security and permission changes that are being put in place to make it work based on a 9/4 SGS4 update Samsung pushed out. These are the changes from Chainfire the creator of SuperSU and Triangle Away.

  • SELinux enabled and set to "restrictive"

  • A more secure bootloader

  • A new warranty status indicator inside the bootloader

  • Inability to downgrade once the new bootloader's installed
What does it mean? The N3's locked down pretty tight and not at a carrier's direction. It's too early to say what the long-term impact will be but the devs are working on getting the flexibility that's gone back.

Follow this thread for more info...

http://forum.xda-developers.com/showthread.php?t=2432100

Here's Chainfire's post on G+...

https://plus.google.com/u/0/+Chainfire/posts/5ggu7naWtaW#+Chainfire/posts/5ggu7naWtaW
 
  • Like
Reactions: betoNL

sewe

Senior Member
Jul 20, 2010
1,480
233
Yeah,Knox security and locked bootloader is probably going to be a major headache.

Hope there is a permanent solution for this, time will tell:(

GT-N7105 via Tapatalk 2
 

Devans32

Senior Member
Jan 2, 2013
178
55
I hope someone is going to figure it out. Im stuck with Verizon so if i buy it i don't have the option to buy it unlocked. But I'm not going to knowingly buy a locked device and then whine and complain about not being able to unlock it. Not being unlocked could be a deal breaker for me.

Sent from my XT926 using Tapatalk 4
 

joverclock

Senior Member
Sep 13, 2012
84
24
i already preordered mine out of contract. This is really something that concerns me. Coming from the note 1 I really only care about the screen size/ quality/ camera/ and snapdragon 800. i got 15 days to return and this might be the reason why. I find flashing to be fun.(phones and self=) 21 days of pondering after being pretty dam sure on next phone.
 

xaelith

Member
Sep 2, 2012
36
9
Is Knox included by default for all N3? or is it just for business customers?

I don't know for sure if Samsung has said one way or the other, but from a production standpoint, it would be easier to include it on all phones.

My main concern is that with a locked bootloader, adding a custom recovery is much more difficult. I prefer being able to create my own phone backups and use them as-needed. Android's stock recovery hasn't changed since at least the OG Droid, and therefore lacks this ability. Otherwise, my personal reasons for wanting to flash have significantly reduced since my first Android device.
 

DCLocal

Senior Member
Nov 2, 2008
146
28
Washington, DC
Not being unlocked could be a deal breaker for me. Sent from my XT926 using Tapatalk 4

If thats true, then its a big blow to the dev community :(

This is really something that concerns me. I find flashing to be fun.

This is indeed a concern and could be a deal breaker for me too. As joverclock said, I too really enjoy tinkering with my phone and have missed the active development activities with my EVO 4G LTE that I enjoyed with the original EVO.
 

abe_cedar

Senior Member
May 23, 2011
343
56
Houston
Dev Edition?

This is indeed a concern and could be a deal breaker for me too. As joverclock said, I too really enjoy tinkering with my phone and have missed the active development activities with my EVO 4G LTE that I enjoyed with the original EVO.

Them ( CFO Shamwow VZW) selling phones at retail price locked is a joke. Full price I want to do whatever with the phone. vzw s4 seems pretty well locked on the MDK (latest) revision without the possib to odin downgrade.
Any rumors of a dev version ( unlocked bootloader ) in similar way with this?
Not unlocked no note 3 for me. I have preordered i605-note 2 and Adam Outler unlocked it in 7 days ( including ordering the phone). maybe he can help again.


Many thanks
Abe
 

BarryH_GEG

Senior Member
Jan 16, 2009
10,198
5,143
Spokane, Washington
Is Knox included by default for all N3? or is it just for business customers?


Samsung KNOX & Find My Mobile

The new GALAXY Note 3 comes with enhanced privacy and security protection provided by Samsung KNOX. Users can activate Samsung KNOX with ease which allows them to run and store security-sensitive applications and data inside a protected execution environment called “container.” The security inside the container is strengthened by system-level protection of Samsung KNOX against malware and phishing attacks as well as hacking attempts on physical devices when devices are stolen or lost. For instance, important personal pictures or video can be stored in the container with no worries for data leakage due to hacking. In addition, users may choose to store enterprise applications and data such as corporate email, contacts and calendar and allow the IT department to manage the container through EAS (Exchange ActiveSync Server). These features make the GALAXY Note 3 an ideal device for BYOD (Bring-Your-Own-Device to work)

Furthermore, the GALAXY Note 3 is equipped with an improved Find My Mobile feature that allows users to disable the phone when it is stolen or lost. With the enhanced user authentication, the technology prevents stolen mobile phones from being reset to factory settings, and allows users to remotely track or erase the data from their lost or stolen mobile phones.​

A user doesn't have to activate it but the hooks it needs and control over the bootloader it requires will be on every N3. The same hooks and bootloader changes were just pushed out to the SGS4 which is what has their forum up in arms. I'm guessing Knox was inert on consumer SGS4's originally because it required corporate device management s/w to enable it. Now that it's being aimed at consumers it's going to be on all Samsung's devices that can support it. The devs on the SGS4 forum are still trying to understand what the changes mean and how to work around them. It broke all Chainfire's apps (One Click Root, SuperSU, Triangle Away, Mobile Odin) so he's especially keen at addressing Knox's new "features."
 

jetjock

Member
Jan 10, 2005
39
0
Samsung had a big presence here at the Atlanta Airwatch Connect conference. They mention the new Knox capable hardware "burns in on hardware" when it is rooted and cannot be undone.

I'm not enough of a techie to ask them more specifics about how they accomplish this. But thought I would pass it on here so someone smarter than I can valid this claim.

I might just cancel my preorder if this is true.

Sent from my SAMSUNG-SGH-I317 using xda app-developers app
 

joverclock

Senior Member
Sep 13, 2012
84
24
Samsung had a big presence here at the Atlanta Airwatch Connect conference. They mention the new Knox capable hardware "burns in on hardware" when it is rooted and cannot be undone.

I'm not enough of a techie to ask them more specifics about how they accomplish this. But thought I would pass it on here so someone smarter than I can valid this claim.

I might just cancel my preorder if this is true.

Sent from my SAMSUNG-SGH-I317 using xda app-developers app

Yes if this is true I will be getting back form 739 from best buy and giving it to someone else.:eek:
 

force70

Senior Member
Jan 27, 2012
11,449
8,042
toronto
Samsung Galaxy Z Fold2
We have been lucky with the s4 here in canada..non locked bootloader. The last at&t ota locked theirs down and they have root but thats all.now it seems the international devices are being locked down also.

I hope the CAN version of the N3 continues the no lock trend but I kind of doubt it. I planned or pre ordering but I think ill wait and see first.

I refuse to spend $800 on a device and not be able to do what I want with it.

sent from my S3, S4 or Note2
 

@rbiter

Senior Member
Dec 4, 2011
5,141
1,241
Samsung is gonna be hurting if they shy away the regular Joe consumer to try and get enterprise customers. I would think consumers outnumber enterprise people but even if not true, Samsung won't get all thebeneterprise with apple, Microsoft and blackberry in the running also. I am hoping for an unlocked USA LTE band compatible with unlocked bootloader. My next phone needs to hold me until 64bit chips makebwaves on android and I think the note3 can do that in the meantime. The note2 probably could but I am smartphone techno nerd and the note 2 will be ancient history to me if I owned it more than 15 months.
 

Obagleyfreer

Senior Member
Jun 29, 2012
2,019
844
Wellington
Just thought I'd let you all know:

I have the new MH8 firmware on my S4 that has the new locked bootloader and Knox security.

I had no trouble rooting it, installing CWM Recovery and flashing CM10.2. All works fine.

The downside is that once you're on this new bootloader you cannot downgrade stock firmware using Odin.
That's the only limitation I've come across.
I can still flash any custom ROM, any custom Kernel and any custom recovery :)
 

BarryH_GEG

Senior Member
Jan 16, 2009
10,198
5,143
Spokane, Washington
Samsung is gonna be hurting if they shy away the regular Joe consumer to try and get enterprise customers. I would think consumers outnumber enterprise people but even if not true, Samsung won't get all thebeneterprise with apple, Microsoft and blackberry in the running also. I am hoping for an unlocked USA LTE band compatible with unlocked bootloader. My next phone needs to hold me until 64bit chips makebwaves on android and I think the note3 can do that in the meantime. The note2 probably could but I am smartphone techno nerd and the note 2 will be ancient history to me if I owned it more than 15 months.

XDA looks at Knox's impact to customization and shivers. The masses look at it as a safe and unique place to store their porn and a way of increasing the chances of getting their lost/stolen device back. We're 5% of the market and the masses are 95%. Samsung losing 5% of their sales is about equal to all the devices HTC will sell in 2013. We're opinion leaders and early adopters but we're not indispensable. ;)

P.S. - I'm not agreeing with what Samsung's doing so please don't shoot the messenger.
 

Arsaw

Inactive Recognized Developer
Dec 31, 2010
4,229
6,002
Kuala Lumpur
XDA looks at Knox's impact to customization and shivers. The masses look at it as a safe and unique place to store their porn and a way of increasing the chances of getting their lost/stolen device back. We're 5% of the market and the masses are 95%. Samsung losing 5% of their sales is about equal to all the devices HTC will sell in 2013. We're opinion leaders and early adopters but we're not indispensable. ;)

P.S. - I'm not agreeing with what Samsung's doing so please don't shoot the messenger.

I'm sure the 5% are capable to influence another 30% of the masses not to buy Note 3 :)

Sent from my GT-I9300 using Tapatalk 2
 

markysd

Senior Member
Apr 5, 2012
365
65
san diego ca
when will we know its locked? how long does it take for hackers/devs to find out that it can be unlocked..?

still not sure if i should pull the trigger for the pre order.. im assuming its a 50/50 chance because if i get it now and it can be unlocked and later they update it and it ships with that new update ill be bum and locked out on the fun :(

i need my root.. dont like ads/crapware
 

IamPro

Senior Member
Dec 2, 2010
1,192
239
when will we know its locked? how long does it take for hackers/devs to find out that it can be unlocked..?

still not sure if i should pull the trigger for the pre order.. im assuming its a 50/50 chance because if i get it now and it can be unlocked and later they update it and it ships with that new update ill be bum and locked out on the fun :(

i need my root.. dont like ads/crapware

I just realized how much I use Root lol, def gonna need that at a min if I want to switch :(
 

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    Just thought I'd let you all know:

    I have the new MH8 firmware on my S4 that has the new locked bootloader and Knox security.

    I had no trouble rooting it, installing CWM Recovery and flashing CM10.2. All works fine.

    The downside is that once you're on this new bootloader you cannot downgrade stock firmware using Odin.
    That's the only limitation I've come across.
    I can still flash any custom ROM, any custom Kernel and any custom recovery :)
    3
    Just thought I'd let you all know:

    I have the new MH8 firmware on my S4 that has the new locked bootloader and Knox security.

    I had no trouble rooting it, installing CWM Recovery and flashing CM10.2. All works fine.

    The downside is that once you're on this new bootloader you cannot downgrade stock firmware using Odin.
    That's the only limitation I've come across.
    I can still flash any custom ROM, any custom Kernel and any custom recovery :)

    Just would like to get this reposted. THIS brought a huge smile to my face. Good to hear!!!! THANK YOU!!!
    2
    XDA looks at Knox's impact to customization and shivers. The masses look at it as a safe and unique place to store their porn and a way of increasing the chances of getting their lost/stolen device back. We're 5% of the market and the masses are 95%. Samsung losing 5% of their sales is about equal to all the devices HTC will sell in 2013. We're opinion leaders and early adopters but we're not indispensable. ;)

    P.S. - I'm not agreeing with what Samsung's doing so please don't shoot the messenger.

    I'm sure the 5% are capable to influence another 30% of the masses not to buy Note 3 :)

    Sent from my GT-I9300 using Tapatalk 2
    1
    Apparently Samsung's getting ready to roll-out the announced N3 Knox improvements (consumer use vs. corporate device management) to the SGS4. One of the new Knox features allows device owners to prevent the wiping of the device in the event it's stolen. That's pretty cool. But apparently there are some pretty big security and permission changes that are being put in place to make it work based on a 9/4 SGS4 update Samsung pushed out. These are the changes from Chainfire the creator of SuperSU and Triangle Away.

    • SELinux enabled and set to "restrictive"

    • A more secure bootloader

    • A new warranty status indicator inside the bootloader

    • Inability to downgrade once the new bootloader's installed
    What does it mean? The N3's locked down pretty tight and not at a carrier's direction. It's too early to say what the long-term impact will be but the devs are working on getting the flexibility that's gone back.

    Follow this thread for more info...

    http://forum.xda-developers.com/showthread.php?t=2432100

    Here's Chainfire's post on G+...

    https://plus.google.com/u/0/+Chainfire/posts/5ggu7naWtaW#+Chainfire/posts/5ggu7naWtaW
    1
    Yes, it's time to shoot the messenger. You're bringing anxiety levels up without any proof of increased difficulty in unlocking whatsoever. While the S4's newest bootloader hasn't been unlocked, this doesn't mean the N3's bootloader will be as difficult. Chainfire's post you linked from the same day the ROMs were released said he worked around the software and rooted the ROM. As always, NEVER take an OTA when you're unlocked/rooted. EVER. While the N3 may ship with tighter security, it will eventually be bypassed. With such a popular model as the N3, they will always leave something open to be exploited on the initial bootloaders (the ones that are given out at trade shows like IFA, not the first retail versions. these system dumps provide most unlocking access (listen to the first part of this video ala "pre-release kernel")).



    Ummm...we know right now that all the carrier's bootloaders will be locked. The only phones sold with unlocked bootloaders either say it somewhere (specifications\network) or all Developer Editions of phones are unlocked. You can wait a month or two for a DE version of the N3 to come out, just like the N2.

    Here's why I thought (and still do) that this thread is newsworthy. Samsung announced a slew of new consumer-focused Knox features on September 4 at the Berlin event that were important enough to have JK Shin talk about them in his brief 11 minute intro (see 11:42 in the video below) of a presentation that lasted over an hour. Knox and/or security are obviously important and newsworthy enough to Samsung for the discussion of them to be given priority.

    That same day, September 4th, an update to the international non-carrier aligned SGS4 introduces these changes that Chainfire documented:

    • SELinux enabled and set to "restrictive"

    • A more secure bootloader

    • A new warranty status indicator inside the bootloader

    • Inability to downgrade once the new bootloader's installed

    I don't personally believe it's a coincidence and if those changes which I'm assuming are Knox related are being applied to the SGS4 my assumption is they'll be included on the N3 to support Knox out-of-the-box. You and others can draw any conclusions you want and I'll be the first to admit I'm making assumptions based on personal interpretation of events.

    As for misleading or alarming people my first post gave people links to the evolving SGS4 thread where the changes are being discussed as well as a link to Chainfire's G+ account so they could get the latest info. I also said the devs are working on getting the former flexibility back. So those four things Chainfire documented could mean nothing and be easily worked around or could be a big issue with Samsung phones that support Knox going forward. If not from a freedom and development perspective perhaps from a warranty perspective. Regardless, me raising an issue for people to be aware of before forking over hundreds of dollars for a phone is less harmful than others trying to sweep it under the rug. Time will tell.