Knox is something we all keep hearing about, let's talk about how it works and why it's important

The very things that make Android phones appealing to folks who read Android blogs online — the open platform, side loading, rooting and the like — are also the very reasons why it suffers in adoption rates for the enterprise. Companies get scared when they read about the way clever users bypass any sort of security vendors try to put on the handsets. It's a tough spot, but in the end, we can't say we blame them. The phone you're hacking away at is insecure because of the modifications you made to it. Here at the Samsung Developers Conference, Peter from Centrify was kind enough to spend a few minutes to help us understand a little more.

Knox is one way to try and change the problems we mentioned above. Using what they call a trusted chain that boots and secures the device at start-up, and built on SE-Android (Security Enhanced) it's more than just a sandboxed container — it covers the whole device.

Samsung is all-in with the service. Already in place on the Note 3 and Galaxy S4 in Europe, it's coming to the S4 elsewhere and will even be rolled back to all the Galaxy S3 and Note 2 devices out there. We know many of you think of Knox as the bad guy, but be sure to watch and check out All Thing Knox to see why Knox is important.

More: Samsung Developers Conference portal


Reader comments

Android Central Live: All Things Knox with Peter Havens from Centrify


Oh! so this is a good thing! and here I thought it was just another way to lock down my phone silly me!. PS I'll be using Google Play and not whatever store they're trying to slam down our throats.

The point is you get the security the enterprise wants in the sandbox, while still giving you the personal flexibility to use whatever you want in the personal mode. All on one phone.

The Knox store is simply to ensure the security stays in place. You still have all of your apps in the personal mode. The only problem would be if you needed a app in the Knox mode that isn't avaliable.

I love the fact my office could wipe the sandbox with my work data and my personal data would be left alone. My choice is either Knox on my Note 3 or carry a BB. I will take the one device over two anytime.

Posted via Android Central App

That's all well and good for those who work in the enterprise setting, but me who has gmail apps for education...I don't need Knox and don't want it preventing me from rooting/custom rom etc. it does not need to be on all devices. I'd be more than happy to buy a developer edition if they charged the same as the carrier edition, or Google play edition.

That is a great route that Samsung should adopt ( The developer edition) im not into rooting and flashing custom roms, but there are many that do and to just deprive customers from doing so would not make great business sense especially when they have been able to freely do so until now, to have that developers edition would be a great all rounder.

Posted via Android Central App

But it something that doesnt effect me. So glad that i can just enjoy my Note 3 without that fustration lol

Posted via Android Central App

I just don't get why someone would get a specialized device like the note and then root it and load a Custom Rom on it. I mean you loose alot. I have flat out told several people just to get a nexus.

Because the Note is the best "big" phone with the best specs on the market, at the moment. It's a great phone even with an AOSP rom on it.

Posted via Android Central App

Yeh i get what you mean now that i give it some thought why bother having a specialized version just continue to have the unlocked bootloadet but then you cant have knox so im thinking again, reverting back to the developers edition aint a bad idea. Its again not something effects me and im not to fussed but i can get why people like to have that full control over their device.

Posted via Android Central App

Full control isn't a bad thing. I have exercised that right myself, but I wouldn't complain about loosing something I shouldn't have in the first place.

A developer edition wouldn't be bad, but the problem is the things that make a Note a note couldn't be included in it. So a Google Edition Note is kind of pointless. Now they could release the galaxy round as a GE device and that would make more sense.

There are great alternatives to the Note for a high end large screen device for rooting. The LG G2 or the Sony Z ultra are good examples. I think they also save a bill comped to the Note 3.

Posted via Android Central App

Yeah having a Google edition would not be a good idea. I always like to flash an aosp rom for a while and when I get tired of that I go back to touchwiz for a while. I'm a flashoholic. :) And i don't think the lg g2 has much development going on either. And that 6.4" Sony, damn that thing is big, and doesn't have a flash for the camera. I think I have a problem. :)

Posted via Android Central App

I certainly wouldn't say KNOX is the bad guy. It is great having the ability to create a second secure sandbox for my office work while still having the open and usability for my personal stuff.

Posted via Android Central App

Since I don't work in a corporate environment, I don't need this crap. This might be the last Samsung phone I ever have (Note 3). I have always bought Samsung phones because they were easy to root and rom. I guess those days are over. Makes me want to do a demolition video of a Note 3 on YouTube.

Posted via Android Central App

Please enlighten me why this is crap. Especially since you don't have to use it.

Posted via Android Central App

Its down to the locked bootloader i believe and bacause of knox its harder to root and flash custom roms, although not impossible.

Posted via Android Central App

Because if you try to unlock the bootloader or somehow get around the locked bootloader in order to flash a custom recovery and you trip the knox flag (you can see this in download mode) your screwed. Before there was knox we could flash a stock rom through Odin and still get warranty service if need be. That is my reason.

Posted via Android Central App

See their lies the problem. I am fairly certain that back to the original Galaxy S Samsung has never intended to provide support for rooted and Rom'd devices. The fact you could essentially lie to them and say no it was never rooted doesn't make it right. In policy you are no worse off then you should of been all along.

I remember this being a issue on my OG Note as well. It wasn't long till someone came along and provide a root method that didn't trip the flash counter.

I wouldn't brick a phone and claim warranty service, but if the home button falls off or some other hardware issue then I would like them to fix it. Sometimes they don't if the device is rooted, all though root has nothing to do with the problem.

Posted via Android Central App

I understand that, but that doesn't change the fact you voided the warranty by doing something you weren't suppose to. The problem is there are allot of thing you can do to your hardware with root that can't be simply seen and obvious. Like overclocking a CPU. We all know, or should know once you root you are on your own. I knew that when I rooted my captivate. I was flashing new ROMS almost weekly. Hell I had a alpha ICS on it within weeks of ICS's announcement. But I knew if it was on me to keep it running not Samsung.

I thought that there was a way around this so you can still flash a custom recovery?

Posted via Android Central App

Best of both worlds and Knox is a great security option and one that many should use, if unsure read the facts, and yeh it may not give you the same options as in personal mode but the transition between both is just a finger tap away thats not to much hard work is it?

Posted via Android Central App

I bought this kick-ass Chevy Nova II a long time ago. Was exactly what i wanted, except it wasn't 4WD.

REALLY sucked that if I wanted to change the drive-train and make it 4WD it voided my warranty. Chevy should have made that shit easy, too. I paid for it, right?

If only someone made 4WD vehicles so I could buy one ...



Hahaha nice one, lol.

PS: Why am I not surprised, to see a car analogy used here.

Posted via Android Central App

Come on Jerry, take it easy man. My point is that I and a lot of people really like the Note but would like to flash a rom on it. Maybe one day we can but it's not looking too good. Hell, the bounty for a bootloader unlock method for the gs4 is around $5,000. I have a Nexus too but as you know the Nexus is not quite on par with the Note's specs.

Posted via Android Central App

KNOX -> A solution looking for a problem.
The majority of people don't need, nor want it.

It should be an optional version of the OS flashed by the enterprise.
It should not be the default.

Changing the software should not void your warranty.
The analogy of making a Chevy 4WD is a specious argument.
I buy a PC and remove Windows and run Linux, should my hardware warranty be void?

Two upper layers. One not secure and flagged as such and one secure.
The modems, etc should signed and locked so the carriers won't complain.

I never agreed to have the device I bought locked down by Samsung, after the fact.

Yeah that really sucked for the gs4. I even knew about the Note 3 and the knox before I bought it. I'm a gluten for punishment.

Posted via Android Central App

I didn't watch the video, but things like Knox aren't made for the majority of people; they're made for a specialized group. In this case, isn't that specialized group the enterprise? Samsung is trying to put its hand in a place that is occupied by BlackBerry and being eaten away at by Apple. They want their piece of the pie too and I believe this is part of the way to get it. However, though it may come with phones like my Note 3, in order to use it, one first has to download and install it. As far as I can tell, it's just a link or installer app that's preloaded on the phone.

As far as that warranty stuff goes, that's the price you pay for buying the device. If you don't like it, you by something else. Think of it like this: if you make something for people to use in a certain way, say, a pogo stick, and people start using that pogo stick to not hop around on, but instead run around digging holes with, and when it breaks the people who were misusing go to you and say "Fix my pogo stick! It broke while I was digging holes with it!" are you going to want to fix or replace it free of charge when they weren't using the product for its intended purpose? I seriously doubt it. Samsung isn't in the business, nor anyone else, to fix peoples' mistakes outside the bounds of what you agree to when you purchase your device.

Also, your Windows/Linux analogy doesn't work. HP and other computer manufacturers don't cover warranty for every aspect of the computer from hardware to software. It only covers specific things from either and only if used in ways that you agree to when you buy the machine. And, if you decided to load Linux over your preloaded Windows installation, do you expect to get customer support for your computer if you suddenly have an issue with it? It would be foolish to.

Sure do. Especially this portion:

You do not require consumers to perform any duty as a precondition for receiving service, except notifying you that service is needed, unless you can demonstrate that the duty is reasonable.

Reasonable. You or I don't get to define that.

You or I don't have to like it, but if you think a reasonable person would not think that saying "you can not strip very protected IP out of a communications device, or alter said IP, or you will lose your warranty privileges" is a reasonable duty?

I'm thankful companies don't try to sue for damages over some of the things done to their software. I expect that will happen one day.

Im sure i read somewhere that its been done or can be done without tripping the Knox flag? Im again all for those that like to have that full control, but the specs of the Note 3 are fantastic 2.3ghz, 3gb ram, andreno 330, and Full Hd Screen. Whats the pros for rooting as i have never done it and probably never will, just interested in what it provides?

Posted via Android Central App

Yeah we can root, but not flash a rom or kernel yet. Having root you can change a few things, like getting rid of the constant "wifi connected" in the notification shade and getting rid of the carrier name in the notification bar, and a lot of other customizations.

Posted via Android Central App

Well generally rooting will give you more ability to update and control aspects of the phone you wouldn't have access to. Like remove carrier apps and update configuration values beyond reach normally. This can make backups easier. Allow for overclocking the cpu. Control in general.

Custom roms are another thing entirely. Often a mixed bag as some stuff works and some doesn't. These are also generally community driven. Also anything propriety is lost.

Neither option should be taken lightly. I have only rooted one of my devices, a galaxy s captivate. It's software was horrible and I had cynogen mod loaded most of the time. Have never felt a need on any other, but then I guess I am not as picky.

Posted via Android Central App

Weird as its a linux kernel and obviously as we all know linux is open source, but the knox right lol yeh that sounds like what i read cant remember i am into my tech and although not adventurous to attempt to root or flash custom roms its something i do find interesting, yeh does it remove all the eye scroll, smart pause ect i presume so?

Posted via Android Central App

I don't know if those are safe to remove or not, I did not get rid of them. I did use titanium backup to freeze a lot of Samsung's bloatware. You can get rid of all the ongoing notifications in the notification shade though. You can change the color of your icons in the notification bar and even change the icons to look like a Nexus if you want. It's just fun for me to pittle around with this stuff.

Posted via Android Central App

Depends on the rom and if it is based on stock or AOSP.

Samsung has a pretty good following of people that try to tweak the stock rom.

Posted via Android Central App

If you ever plug in your headphones, you will see that "recommend apps for headphones" in your notification shade. With root you can get rid of all that crap. It free's up a lot of space for notifications.

Posted via Android Central App

That is what i thought mavrrick and understand that it does come with its downfalls but alot more freedom to customize the hardware aswel as the software, although wouldnt overclocking the cpu be a negative thing due to seriously damaging the life expendancy?

And at 2.3ghz isnt that fast enough for now lol

Posted via Android Central App

I personally haven't over clocked any of my phones since the HTC inspire 4g. The phones now days are blazing fast anyway.

Posted via Android Central App

It is all about freedom and customization. Which is great, but to much is bad in some people's hands.

I would never overclocking it. But people do. That is part of the problem with supporting rooted and Rom'd devices.

Posted via Android Central App

This guy I work with has bricked 2 galaxy S 3's lol. It's almost impossible to brick those. I think he tried to flash the wrong kernel. At least he didn't try to claim warranty. He is one of those that doesn't need to root.

Posted via Android Central App

Hmm i can change the icons and minor things like that now via google play and icon packs, themes ect, cant remove carrier brands in the notification bar but that is a tad pedantic isnt it lol im happy enough with what i have and its a great device without rooting and flashing custom recovery's, but as i have neber done it and maybe if i did i could then make that comparison.

Posted via Android Central App

I suggest that you never start. I was very happy before I started and now I am always messing around with my phone. It takes up a lot of time.

Posted via Android Central App

Haha yeh im like that except with launchers and im constantly messing around with them, and themes and icons ect, I just know i would be the same with rooting and flashing custom roms, i do find it interesting though. But i will leave that one alone i think.

Posted via Android Central App

yeah having XDAs (Insert your phone)developer section is an enormous time suck (in a really good and fun way)

As the dude said Samsung has a big issue with corporate takeup of android phone because of the openess factor and when they've weighed up the giant business market vs the not so huge flashers and rooters market....well I wouldn't like to be the guy who goes in front of the Samsung board to explain why they are ignoring the corporates in favour of said flashers and rooters. hopefully Samsung looks at 'developers' phones for that section of the market. God knows they make enough other variations for other market sectors.

But that is the issue here. I really don't think they are going to stop the flashers or custom roms. Maybe they will replace less devices because it will be easier to identify them, but they won't stop it.

And Knox simply shouldn't work if you are.

Posted via Android Central App

I know, I completely sympathise. Fooling with my phone is a cool and inexpensive hobby. But I get Samsungs point too, but needless to say i mightn't be downloading the S3 4.3 on the 11/13 and will wait for something that the devs cook up.

Everyone is happy for Android Central Live
Each new things makes u joy. but problem starts when Android phone stucks..

Is this why I keep getting a pop-up on my S4 (which has just been upgraded to 4.3) that 'An app has just tried to access your system' but gives me no way of finding out which app this is?