Samsung Knox

Knox 2.0 to ship on Galaxy S5, come to other Galaxy devices with Android 4.4 updates in Q2

Mobile World Congress

Last year at Mobile World Congress we heard all about how Knox, and how it would help add a layer of security to folks using their own device for work, and today — exactly a year later — version two is announced with some great improvements.

It starts with the fingerprint sensor in the Galaxy S5. Knox 2.0 will use two-factor biometric authentication, where access to a central keystore will require both a fingerprint and a passcode. Developers of corporate apps and security policy can implement this into their software, and ensure that only the person who should have access is the one who can get access.

On the apps front, Knox can now run "most" applications from Google Play without setting up a new environment, while still keeping the system and kernel secure from malicious code. The Knox software will now secure each apps its data, and prevent unauthorized editing and access to system partitions and other sensitive areas and databases. Samsung will also be setting up a Knox marketplace, where IT staff can set up deploy applications across all users phones. Several companies — including Box and GoTo Meeting — are already on-board.

Knox 2.0 will come installed on the Galaxy S5, and will begin rolling out to other Galaxy phones —it requires Android 4.4 — in the second quarter of 2014.

 
There are 50 comments

D13H4RD2L1V3 says:

I hope it's not as broken as the first abomination we get as "Knox 1.0".

jakeuten says:

they could just make an "Enterprise version" S III, Note II, S 4, Note III and S 5... not everyone wants/ needs knox.

They made Galaxy S3 developer editions, and nobody bought them. Kind of kills the incentive to build handsets without security for folks to tinker with, if none of those folks will buy one.

dacp283 says:

True enough however, building a security geared phone to security minded folks makes much more sense than trying to shove it down the throats of everyone. I hope for the sake of Samsung lovers it can be disabled to facilitate tinkering.

Posted via Android Central App

MERCDROID says:

"I hope for the sake of Samsung lovers it can be disabled to facilitate tinkering."

Well, for starters, the S5 wasn't made with tinkering in mind. Samsung honestly couldn't care less about the "custom rom" crowd. The enterprise market's needs obviously outweigh those of the uber-geek that wants to hack the software.

Secondly, Jerry is spot on that no one was buying the "security-focused" or developer edition devices. It's purely cost-effective, for Samsung to offer one model to cater to all crowds. The S5 not being developer-friendly is just the cost of doing business.

Just my opinion.

Posted from my "Gift from God" Note 3, my "God-Given" iPad Mini 2, or my "Risen" Samsung Chromebook.

worknman says:

'Samsung honestly couldn't care less about the "custom rom" crowd.'

Do ANY of these vendors, except maybe Oppo, care about the custom ROM crowd?

MERCDROID says:

Actually, HTC does. Hence the unlock tool on their developer website.

And, for a short while, Motorola did, too. They had a list of devices detailed on their website as being unlockable and developer-friendly.

Actually, Motorola still does. Hence the developer edition of the Moto X.

Until being canned, Samsung would often announce developer editions of their flagships.

Posted from my "Gift from God" Note 3, my "God-Given" iPad Mini 2, or my "Risen" Samsung Chromebook.

ASUS supported unlocking my tablet from the device page on their website. Just another OEM supportive of tinkering.

dacp283 says:

Well I stand by my opinion. I believe it's going to hurt their sales. I believe a large number of people are going to find it all overwhelming and annoying.

Posted via Android Central App

MERCDROID says:

I agree that some people will definitely find the addition of Knox 2.0 annoying. The size of that group is up for debate, though, as I don't think it's as large as you think.

Posted from my "Gift from God" Note 3, my "God-Given" iPad Mini 2, or my "Risen" Samsung Chromebook.

NoNexus says:

People need to realize this is going to be a fact of life. Every oem is going to do this, or you are going to concede another market sector to Samsung.

Rooters and rom people are insignificant when you put it in terms of 50million units.

Samsung is still very open and rom friendly. The carriers take it further but right now I am running a Knox free rom on my note. Custom recovery and no worries.

I tripped Knox but so what? I still have been upgrading my custom rom, running leaks and have gone to stock.

Oh my warranty is screwed? I still don't care. If I have to send it back, I will hard brick it. Anyone who has done this stuff should be thinking the same.

We enthusiasts are minor

-------------------------------------------
You really should see the crap I don't post. Sorry if honesty offends you

twolastnames says:

Wonder what the cost difference is to Enterprises for using Knox and something like Mobile@work? My company is using that for us guys in the field.

BaAAH

yacoby54 says:

Mobile@work and KNOX are not competitors. MobileIron will implement KNOX controls into their Mobile@work platform.

MERCDROID says:

+1

Posted from my "Gift from God" Note 3, my "God-Given" iPad Mini 2, or my "Risen" Samsung Chromebook.

+1

Posted via Android Central App

TomW093 says:

Do remember that those of us on the tech sites and forums are a minority. Very vocal, but a minority nonetheless.

Posted via Android Central App

Verizon's latest take on Knox and the bootloader have left me fully unable to install a recovery and thus a ROM. Thanks to Knox (and my willingness to upgrade to 4.3), I'm stuck with BloatWiz. Knox 2.0? No thanks.

twolastnames says:

We just need root now. Xposed is just fine. Ya, No custom kernel, but do most us actually know what is happening kernel side to notice anymore?

BaAAH

DWR_31 says:

Knox is bad for us tinkerers!

Posted from my "KNOX-FREE" 4.3 Sprint GS3 Maxx...!!!
(ZeroLemon 7000mA battery and ZeroShock Case)

dizzle16 says:

Knox doesn't stop you from flagging a rom it just voids the warranty. Phones have one year warranties, Why would you put a custom ROM on a brand new phone. That's like putting flashy rims on a 2014 vehicle. It's brand new, why do you need rims, the vehicle speaks for itself. I'm not knocking anyone's comments. When I got Knox on my s3 I thought it would be a bad thing, it didn't stop me from doing anything, and it's obviously past warranty. We can all agree to root you have to be reasonably intelligent. Use that intelligence to make a decision.

Posted via Android Central App

s14sh3r says:

I put a custom ROM on a brand new phone because I can and I like my phone set up a certain way that stock ROMs don't provide. I happily voided the warranty on my S4 within 2 hours of buying it.

illdini says:

3 reasons I rooted: hotspot mod, custom recovery (TWRP), & AdAway. I ended up tripping Knox, but so what - I've exchanged rooted phones in the past, & as long as you're not being an obnoxious jerk, most places (like the Sprint Store or Best Buy) won't bother you about it.

hmmm says:

Number one reason I root is to block bandwidth and performance sucking apps. Always have and always will. However, I buy customer friendly phones. When I buy a phone I want full control over it. I am not leasing or renting it.

tech_head says:

It doesn't just void your warranty. They will no longer repair even if you pay.

yacoby54 says:

That defeats the whole idea. They implemented KNOX to bring controls to the IT staff for those who want to support personal Android devices in a corporate environment.
Additionally, it is my understanding that you don't have to use the KNOX functionality. It's not enabled by default, sure it comes pre-loaded but it's not enabled. I'm willing to bet that when you start up an S5 it doesn't force you to register a finger print and set a passcode on the device.
These are all optional features for the regular consumer, only forced by managed devices in a corporate environment.

jonathan3579 says:

I'm sure the modding community will love this...

M3wThr33 says:

"Most" means: Not superuser, supersu, Rom Toolbox, etc.

Dperks17 says:

Wonderful. Bye bye custom roms.

Posted via Android Central App

D13H4RD2L1V3 says:

But how?!

Posted via Android Central App on my HTC One running CM11.

DataHawg says:

Probably a good thing for business but I really don't care about Knox. I'll stick to my rooted Note 3 with all that stuff disabled. I really see no reason for me to update to 4.4 until I see a custom rom that I want to try

Posted via Android Central App

bluesun3030 says:

Yay... I can't wait... /s

In all honesty, why don't they add these features to their touchscreen refrigerators that have literally zero security features built in.

tech_head says:

Say goodbye to Root.
If this thing has KNOX enabled and has sandboxed all apps, even those from the PlayStore. You can forget about Root working correctly even if you can Root your device.

NoNexus says:

Root is an app

-------------------------------------------
You really should see the crap I don't post. Sorry if honesty offends you

twolastnames says:

Maybe say goodbye to unlocked bootloaders, root access is completely different. Let's not get to our panties into to tight of a wad.

BaAAH

Unlocked bootloaders has already been gone for a while on Verizon GS3 handsets upgraded to 4.3. I learned the hard way.

NoNexus says:

People really need to learn what they are talking about before posting.

Most comments above me are invalid or incomplete.

-------------------------------------------
You really should see the crap I don't post. Sorry if honesty offends you

gololakho says:

That's the problem with in things. Since hating on Samsung is the in thing some sheep will just hate whatever Samsung introduces without even knowing why they're hating on it.

Hate this nonsense that aluminum is premium

MERCDROID says:

+9000 And, that applies to fans of every single platform and manufacturer, and in nearly every single industry.

Posted from my "Gift from God" Note 3, my "God-Given" iPad Mini 2, or my "Risen" Samsung Chromebook.

codiusprime says:

But don't you get it, the custom rom crowd is the most important market and the OEMs should bend over backwards for the millions of people who want to root their phones!! /s

A lot of people on this site have issues with perspective.

Posted via Android Central App

gololakho says:

+1

twolastnames says:

I wonder why they can't just make the phone super easy to root, then let the IT department install Knox and Knox can get root and lock the phone down. Just a semi-ignorant thought.

BaAAH

NoNexus says:

Because they want people to use their phone for work, not work supply a phone to people.

It takes a bit to set up any equipment for an it department. It is easier on the corporation if it is the other way to go. Blackberry was a pain to setup at on point.

-------------------------------------------
You really should see the crap I don't post. Sorry if honesty offends you

twolastnames says:

They still have to set all the Knox stuff up anyway right? Make the phone as easy to open as a nexus, then just have Knox set up so it locks the phone when you first run it. But you right. My IT department is mostly a waste. All they want to do is talk about star wars.

BaAAH

NoNexus says:

Honestly I do not know how hard it is, but I have to believe that there will be a ton of impact if you go from rooted to non rooted, locked down, with a push of a button.

I also do agree that it should be an option and one with risks if upon initial setup you choose not to go with Knox.

-------------------------------------------
You really should see the crap I don't post. Sorry if honesty offends you

cwmont13 says:

Hi Sammy my name is root and these are my friends ROM and SU, can we come and play with you in your sandbox? Umm sorry root you and your friends are no longer allowed to play here. Please leave now!

Posted via Android Central App

Paul Simiyu says:

I'm telling chainfire!

Posted via Android Central App

hmmm says:

So can this just be turned off or not used for regular users? This seems like something that should be an optional install rather than for regular users. It's almost like getting an enterprise edition of Windows for your home PC.

If I buy a phone I want full control of it. I am not renting it. I will never buy a phone that's this locked down with no way for the paying customer to disable it without hacking. Now, if a GPe version of the GS5 was released I'd have no problem as long as this bloatware was not on it.

sublimaze says:

I can understand why Samsung is pushing Knox. They want to appeal to corporate IT departments, so Samsung devices will gain greater acceptance and erode the dominance of BB and iphone in the corporate world. And Knox is a non-issue for the average consumer that has no intention of flashing custom roms/kernels. But this is awful news for the modding community, and helps to make my decision about future purchases much easier. I am almost certain my Note 3 will be my last Samsung device for awhile (probably ever)

tech_head says:

My S4 is my last.

Randy R1 says:

I hate you samsung

Posted via Android Central App