Samsung Knox

Knox 2.0 to ship on Galaxy S5, come to other Galaxy devices with Android 4.4 updates in Q2

Mobile World Congress

Last year at Mobile World Congress we heard all about how Knox, and how it would help add a layer of security to folks using their own device for work, and today — exactly a year later — version two is announced with some great improvements.

It starts with the fingerprint sensor in the Galaxy S5. Knox 2.0 will use two-factor biometric authentication, where access to a central keystore will require both a fingerprint and a passcode. Developers of corporate apps and security policy can implement this into their software, and ensure that only the person who should have access is the one who can get access.

On the apps front, Knox can now run "most" applications from Google Play without setting up a new environment, while still keeping the system and kernel secure from malicious code. The Knox software will now secure each apps its data, and prevent unauthorized editing and access to system partitions and other sensitive areas and databases. Samsung will also be setting up a Knox marketplace, where IT staff can set up deploy applications across all users phones. Several companies — including Box and GoTo Meeting — are already on-board.

Knox 2.0 will come installed on the Galaxy S5, and will begin rolling out to other Galaxy phones —it requires Android 4.4 — in the second quarter of 2014.


Reader comments

Samsung unwraps Knox 2.0, will use biometric ID and handles apps from Google Play in a new way


they could just make an "Enterprise version" S III, Note II, S 4, Note III and S 5... not everyone wants/ needs knox.

They made Galaxy S3 developer editions, and nobody bought them. Kind of kills the incentive to build handsets without security for folks to tinker with, if none of those folks will buy one.

True enough however, building a security geared phone to security minded folks makes much more sense than trying to shove it down the throats of everyone. I hope for the sake of Samsung lovers it can be disabled to facilitate tinkering.

Posted via Android Central App

"I hope for the sake of Samsung lovers it can be disabled to facilitate tinkering."

Well, for starters, the S5 wasn't made with tinkering in mind. Samsung honestly couldn't care less about the "custom rom" crowd. The enterprise market's needs obviously outweigh those of the uber-geek that wants to hack the software.

Secondly, Jerry is spot on that no one was buying the "security-focused" or developer edition devices. It's purely cost-effective, for Samsung to offer one model to cater to all crowds. The S5 not being developer-friendly is just the cost of doing business.

Just my opinion.

Posted from my "Gift from God" Note 3, my "God-Given" iPad Mini 2, or my "Risen" Samsung Chromebook.

'Samsung honestly couldn't care less about the "custom rom" crowd.'

Do ANY of these vendors, except maybe Oppo, care about the custom ROM crowd?

Actually, HTC does. Hence the unlock tool on their developer website.

And, for a short while, Motorola did, too. They had a list of devices detailed on their website as being unlockable and developer-friendly.

Actually, Motorola still does. Hence the developer edition of the Moto X.

Until being canned, Samsung would often announce developer editions of their flagships.

Posted from my "Gift from God" Note 3, my "God-Given" iPad Mini 2, or my "Risen" Samsung Chromebook.

Well I stand by my opinion. I believe it's going to hurt their sales. I believe a large number of people are going to find it all overwhelming and annoying.

Posted via Android Central App

I agree that some people will definitely find the addition of Knox 2.0 annoying. The size of that group is up for debate, though, as I don't think it's as large as you think.

Posted from my "Gift from God" Note 3, my "God-Given" iPad Mini 2, or my "Risen" Samsung Chromebook.

People need to realize this is going to be a fact of life. Every oem is going to do this, or you are going to concede another market sector to Samsung.

Rooters and rom people are insignificant when you put it in terms of 50million units.

Samsung is still very open and rom friendly. The carriers take it further but right now I am running a Knox free rom on my note. Custom recovery and no worries.

I tripped Knox but so what? I still have been upgrading my custom rom, running leaks and have gone to stock.

Oh my warranty is screwed? I still don't care. If I have to send it back, I will hard brick it. Anyone who has done this stuff should be thinking the same.

We enthusiasts are minor

You really should see the crap I don't post. Sorry if honesty offends you

Do remember that those of us on the tech sites and forums are a minority. Very vocal, but a minority nonetheless.

Posted via Android Central App

Verizon's latest take on Knox and the bootloader have left me fully unable to install a recovery and thus a ROM. Thanks to Knox (and my willingness to upgrade to 4.3), I'm stuck with BloatWiz. Knox 2.0? No thanks.

We just need root now. Xposed is just fine. Ya, No custom kernel, but do most us actually know what is happening kernel side to notice anymore?


Knox is bad for us tinkerers!

Posted from my "KNOX-FREE" 4.3 Sprint GS3 Maxx...!!!
(ZeroLemon 7000mA battery and ZeroShock Case)

Knox doesn't stop you from flagging a rom it just voids the warranty. Phones have one year warranties, Why would you put a custom ROM on a brand new phone. That's like putting flashy rims on a 2014 vehicle. It's brand new, why do you need rims, the vehicle speaks for itself. I'm not knocking anyone's comments. When I got Knox on my s3 I thought it would be a bad thing, it didn't stop me from doing anything, and it's obviously past warranty. We can all agree to root you have to be reasonably intelligent. Use that intelligence to make a decision.

Posted via Android Central App

I put a custom ROM on a brand new phone because I can and I like my phone set up a certain way that stock ROMs don't provide. I happily voided the warranty on my S4 within 2 hours of buying it.

3 reasons I rooted: hotspot mod, custom recovery (TWRP), & AdAway. I ended up tripping Knox, but so what - I've exchanged rooted phones in the past, & as long as you're not being an obnoxious jerk, most places (like the Sprint Store or Best Buy) won't bother you about it.

Number one reason I root is to block bandwidth and performance sucking apps. Always have and always will. However, I buy customer friendly phones. When I buy a phone I want full control over it. I am not leasing or renting it.

That defeats the whole idea. They implemented KNOX to bring controls to the IT staff for those who want to support personal Android devices in a corporate environment.
Additionally, it is my understanding that you don't have to use the KNOX functionality. It's not enabled by default, sure it comes pre-loaded but it's not enabled. I'm willing to bet that when you start up an S5 it doesn't force you to register a finger print and set a passcode on the device.
These are all optional features for the regular consumer, only forced by managed devices in a corporate environment.

Probably a good thing for business but I really don't care about Knox. I'll stick to my rooted Note 3 with all that stuff disabled. I really see no reason for me to update to 4.4 until I see a custom rom that I want to try

Posted via Android Central App

Yay... I can't wait... /s

In all honesty, why don't they add these features to their touchscreen refrigerators that have literally zero security features built in.

Say goodbye to Root.
If this thing has KNOX enabled and has sandboxed all apps, even those from the PlayStore. You can forget about Root working correctly even if you can Root your device.

Root is an app

You really should see the crap I don't post. Sorry if honesty offends you

Maybe say goodbye to unlocked bootloaders, root access is completely different. Let's not get to our panties into to tight of a wad.


People really need to learn what they are talking about before posting.

Most comments above me are invalid or incomplete.

You really should see the crap I don't post. Sorry if honesty offends you

That's the problem with in things. Since hating on Samsung is the in thing some sheep will just hate whatever Samsung introduces without even knowing why they're hating on it.

Hate this nonsense that aluminum is premium

+9000 And, that applies to fans of every single platform and manufacturer, and in nearly every single industry.

Posted from my "Gift from God" Note 3, my "God-Given" iPad Mini 2, or my "Risen" Samsung Chromebook.

But don't you get it, the custom rom crowd is the most important market and the OEMs should bend over backwards for the millions of people who want to root their phones!! /s

A lot of people on this site have issues with perspective.

Posted via Android Central App

I wonder why they can't just make the phone super easy to root, then let the IT department install Knox and Knox can get root and lock the phone down. Just a semi-ignorant thought.


Because they want people to use their phone for work, not work supply a phone to people.

It takes a bit to set up any equipment for an it department. It is easier on the corporation if it is the other way to go. Blackberry was a pain to setup at on point.

You really should see the crap I don't post. Sorry if honesty offends you

They still have to set all the Knox stuff up anyway right? Make the phone as easy to open as a nexus, then just have Knox set up so it locks the phone when you first run it. But you right. My IT department is mostly a waste. All they want to do is talk about star wars.


Honestly I do not know how hard it is, but I have to believe that there will be a ton of impact if you go from rooted to non rooted, locked down, with a push of a button.

I also do agree that it should be an option and one with risks if upon initial setup you choose not to go with Knox.

You really should see the crap I don't post. Sorry if honesty offends you

Hi Sammy my name is root and these are my friends ROM and SU, can we come and play with you in your sandbox? Umm sorry root you and your friends are no longer allowed to play here. Please leave now!

Posted via Android Central App

So can this just be turned off or not used for regular users? This seems like something that should be an optional install rather than for regular users. It's almost like getting an enterprise edition of Windows for your home PC.

If I buy a phone I want full control of it. I am not renting it. I will never buy a phone that's this locked down with no way for the paying customer to disable it without hacking. Now, if a GPe version of the GS5 was released I'd have no problem as long as this bloatware was not on it.

I can understand why Samsung is pushing Knox. They want to appeal to corporate IT departments, so Samsung devices will gain greater acceptance and erode the dominance of BB and iphone in the corporate world. And Knox is a non-issue for the average consumer that has no intention of flashing custom roms/kernels. But this is awful news for the modding community, and helps to make my decision about future purchases much easier. I am almost certain my Note 3 will be my last Samsung device for awhile (probably ever)

If the galaxy s5 has Knox 2.0 already installed well it hasnt affected me much. Rooted.. flashed it and been running a custom rom since i got it. I hardly have any apps running in the application manager and ive stripped the rom down significantly of bloat. Sure knox is tripped but ive tripped knox before and still was able to warranty it. Only those with Verizon and ATT whos bootloaders are locked have a real problem.