Samsung Knox is a comprehensive set of security features for personal and enterprise use pre-installed in most of Samsung's smartphones, tablets, and wearables.[2]

Samsung Knox
Samsung Knox.png
Developer(s)Samsung Group
Initial releaseMarch 2013 (2013-03)
Stable release
3.4.1 / 16 December 2019; 2 months ago (2019-12-16)[1]
Operating systemAndroid and Tizen Edit this at Wikidata

On March 5, 2018, Samsung announced devices running Knox 3.0 and above integrate seamlessly with similar Android Enterprise features.[3]


Samsung Knox provides a list of security features—both hardware and software—that allow business and personal content to securely coexist on the same handset, and allows other developers to communicate with these features throughout its SDKs. Some of these features coexist with already existing security enhancements provided by Android.


Samsung Knox ContainerEdit

Named the "Knox Workspace" app container[4]—allows a user to press an icon that switches immediately between Personal and Work mode with no reboot required.[5] Samsung has claimed that this feature will be fully compatible with Android and Google, and will provide full separation of work and personal data on mobile devices and "addresses all major security gaps in Android".[6] Tripping the e-fuse will cause the container to remain inaccessible. The feature is similar, but not connected with, "Android for Work".

Samsung DefexEdit

Starting from Android Oreo, Samsung has patched the kernel to prevent root access being granted to apps even after rooting was successful. This is to prevent unauthorised apps from changing the system and deter rooting.[7]

Samsung Real-time Kernel Protection (RKP)Edit

Samsung has implemented a feature that tracks kernel changes in real time and prevents the phone from booting as well as displaying a warning message about using "Unsecured" Samsung devices. This feature is analogous to Android dm-verity/AVB and requires a signed bootloader.[8]

Android SEEdit

Although Android phones are already protected by "SE for Android" feature, Samsung Knox provides periodic checks for patches that protects the system from malicious code or exploits.

Secure BootEdit

Before booting in the main Kernel, Samsung runs a "pre-boot" environment where it checks for the signature match of all elements of the OS. Should an unauthorised change be detected, the e-fuse will be tripped and the system's status will change from "Official" to "Custom".

Other FeaturesEdit

Connected with Samsung Knox are other features that facilitate enterprise use such as Samsung KMS (SKMS) for eSE NFC services, Mobile device management (MDM), Knox Certificate Management (CEP), Single Sign-On (SSO), One Time Password (OTP) and Virtual Private Network (VPN).[9][10][11][12]


Knox includes built-in hardware security features: ARM TrustZone (a technology similar to TPM) and a bootloader ROM.[13] Knox Verified Boot monitors and protects during the booting process in addition to Knox security built at a hardware level (introduced in Knox 3.3).


Rooted Samsung Galaxy S10e, with tripped e-fuse

Samsung Knox devices also use an e-fuse to indicate whether or not an "untrusted" (non-Samsung) boot path has ever been run. The e-fuse will be set if the device is booted with a non-Samsung signed bootloader, kernel, kernel initialization script or data, with a message displaying "Set warranty bit: <reason>". Rooting the device or flashing a non-Samsung Android release will, therefore, set the e-fuse. Once the e-fuse is set, a device can no longer create a Knox Workspace container, or access the data previously stored in an existing Knox Workspace.[14] This information may be used by Samsung to deny warranty service, in the United States, to devices that have been modified in this manner.[citation needed] This is the case even though, in the United States, voiding of consumer warranties in this manner may be prohibited by the Magnuson–Moss Warranty Act of 1975, at least in cases where the phone's problem is not directly caused by rooting.[15] In addition to voiding the warranty, tripping the e-fuse will also prevent some Samsung specific apps from running such as "Samsung Pay", "Samsung Health" and "Samsung Browser"'s Secret mode. For some older versions of Knox, it may be possible to clear the e-fuse by flashing a custom firmware.[citation needed]

Samsung DeXEdit

Since Knox 3.3 the options to manage Samsung DeX were added to allow or restrict access using the Knox platform for added control and security.

Samsung Knox TIMAEdit

Named TrustZone-based Integrity Measurement Architecture (TIMA), the feature allows storage of keys in the container for certificate signing using the TrustZone hardware platform.[16]

Notable security mentionsEdit

In June 2014, five Samsung devices were included in the list of approved products for sensitive but unclassified use by the Defense Information Systems Agency (DISA) of the Department of Defense, which certifies commercial technology for defense use.[17]

In October 2014, a security researcher discovered that Samsung Knox stores PIN in plain-text instead of storing salted and hashed PIN (or better, using PBKDF2) and processed it by obfuscated code.[18]

In October 2014, U.S National Security Agency (NSA) approved Samsung Galaxy devices under a program for quickly deploying commercially available technologies. Approved products include Galaxy S4, Galaxy S5, Galaxy S6, Galaxy S7, Galaxy Note 3, Galaxy Note 10.1 2014.[17]

In May 2016, Israeli researchers, Uri Kanonov and Avishai Wool, found three key vulnerabilities existing in specific versions of Knox.[19]

In December 2017, Knox received strong ratings in 25 of 28 categories in Gartner's December 2017 Mobile OSs and Device Security: A Comparison of Platforms.[20]

In June 2017, Samsung discontinued My Knox and urged users to switch to an alternate product, Secure Folder.[21]


  1. ^ "What's new in Knox 3.4.1?". Samsung Knox. 16 December 2019.
  2. ^ "Knox Platform for Enterprise White Paper". Samsung Knox. Samsung. 2018-09-12. Retrieved 2018-10-31.
  3. ^ "Android Enterprise and Samsung Knox: Your Questions Answered Here". Samsung Knox. 2018-02-24. Retrieved 2018-10-27.
  4. ^ "App Container | Knox Platform for Enterprise Whitepaper". Retrieved 2018-11-13.
  5. ^ Shaw, Ray (2013-03-23). "iTWire - Samsung Knox™ BlackBerry off Balance". iTWire. Retrieved 2018-10-27.
  6. ^ Goldman, David (2013-03-12). "Samsung Targets BlackBerry with Knox". CNN Business. Retrieved 2018-10-27.
  7. ^ "Disable DEFEX Security to Root Samsung Galaxy Devices on Oreo".
  8. ^ "Samsung RKP".
  9. ^ "Samsung SSO".
  10. ^ "Samsung CEP".
  11. ^ "Samsung OTP".
  12. ^ "Samsung Knox VPN".
  13. ^ "Root of Trust | Knox Platform for Enterprise Whitepaper". Retrieved 2018-11-13.
  14. ^ Peng Ning (2013-12-04). "About CF-Auto-Root". Samsung. The sole purpose of this fuse-burning action is to memorize that a kernel or critical initialization scripts or data that is not under Samsung's control has been put on the device. Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container.
  15. ^ Koebler, Jason (2016-08-17). "Companies Can't Legally Void the Warranty for Jailbreaking or Rooting Your Phone". Motherboard. Retrieved 2018-10-27.
  16. ^ "Samsung TIMA Keystores".
  17. ^ a b Ribeiro, John (2014-10-21). "NSA approves Samsung Knox devices for government use". PCWorld. Retrieved 2018-10-27.
  18. ^ Mimoso, Michael (2014-10-24). "NSA-Approved Samsung Knox Stores PIN in Cleartext". Threatpost. Retrieved 2018-10-27.
  19. ^ Forrest, Conner (2016-05-31). "Samsung Knox isn't as secure as you think it is". TechRepublic. Retrieved 2018-10-27.
  20. ^ "Introduction | Knox Platform for Enterprise Whitepaper". Retrieved 2018-11-13.
  21. ^ Rutnik, Mitja (2017-06-02). "Samsung discontinues My Knox, urges users to switch to Secure Folder". Android Authority. Retrieved 2018-10-27.

External linksEdit