Knox in Android L
Google hasn’t made the largest inroads into corporate and enterprise when it comes to spreading Android. Samsung has taken up a bit of the slack though with Samsung Knox, their security suite of APIs, apps and protocols designed to keep Samsung devices safe and secure in a managed environment. At Google I/O last month, support for components of Knox in the upcoming Android L release was announced, and today Google and Samsung have talked a bit more about the details.

First off, despite rumours that Samsung was handing over the reins of Knox to Google, Samsung has clarified its position, stating:

‘Samsung remains in complete control of Samsung KNOX and we will work closely with Google to deliver a unified, secure implementation of Android to the enterprise’.

Samsung has also advised they will continue to invest in Knox, as well as driving the platform forward.

In retaining control of Knox, Samsung will maintain separate hardware-based APIs and integration that are used by companies requiring ‘defense-grade and government-certified features’. The list of features that will remain with Samsung devices includes:

  • TrustZone-based Integrity Measurement Architecture (TIMA)
    • Real-time Kernel Protection
    • Client Certificate Management (CCM)
    • Trusted Boot-based Key store
    • Remote attestation
  • Trusted Boot
  • Biometric authentication
  • KNOX Smart Card Support
  • Government-certified KNOX components
    • Common Criteria
    • STIG standards (FIPS certified crypto library, FIPS VPN, audit, etc.)

All of these features will remain available to Samsung partners who are currently using Knox. To make it easy, Samsung has provided a graphic showing which features will remain ‘Samsung specific’ and which will be going to AOSP and Android L.

[Image: AOSP - KNOX - Android L]

Google has advised it will be bringing ‘key KNOX functionality into Android’ in the L release. There are three main focuses for Android L and Knox integration, around which Google has designed the new Enterprise APIs that will be released:

  • Device and data security
  • Support for IT policies and restrictions
  • Mobile application management

The first point is quite important and will utilise the existing multi-user support, which Google announced in Android 4.2. In Android L, a device administrator (think your IT Department if you’re using your phone or tablet for work) will be able to add a Managed Profile to your device, which will run concurrently with your personal account. In other words, there will be one account for business and another for play. Data security is enabled by the use of block-level disk encryption, and verified boot means that neither an unlocked bootloader nor other means will gain access to the data contained within.

IT administrators will be able to utilise third-party Enterprise Mobility Management (EMM) solutions to administer Android devices running Android L. In Google’s words, it will ‘allow IT admins to enforce a wide set of policies, ranging from system settings and certificate provisioning to application-specific (e.g. Chrome) configurations and restrictions’.

With app management, IT administrators will also be in full control of pushing apps to the Managed Profiles on devices using the Knox APIs. Admins will be able to control the app catalogue as well as remotely deploy apps.

Google and Samsung have an extremely large market to tap in the corporate/enterprise space. With the decline of BlackBerry and the rise of Bring Your Own Device (BYOD) culture in corporate environments, people are bringing Android devices to work. The implementation of Knox in Android L and the introduction of these features mean that users will be able to bring their device to work, while still satisfying their IT department.

Google advises that there will be more details to share on Knox integration soon.

Source(s): Android Developers Blog, and Samsung Knox
  • yellek

    Yes but until ASD certifies Android devices for Defence use in Australia “Defence Grade Security” means nothing here.

    • http://ausdroid.net/ Daniel Tyson

      From what I can tell, no Samsung Devices have received ASD certification as yet. I’m watching though.

  • vijay alapati

    Samsung is really making big moves... wish they could concentrate a bit more on the design side of their devices, as all their phones and tablets (all sizes) have been looking the same for the past 3 years

    • Phil

      HTC and more so Sony seem to also be doing that