Google, Samsung integrate Knox into Android, eye enterprise gains

Google, Samsung integrate Knox into Android, eye enterprise gains

Summary: Samsung's Knox enterprise technology, which made Android more palatable for businesses, is being added to Android.


Google said it will adopt Samsung's Knox Security technology, which is used in the enterprise, and incorporate it into Android.

The two companies, strong partners that are sometimes wary of each other, have cuddled up to take on the enterprise. Samsung was the lead in getting Android more enterprise credibility with Knox, but can only do so much by itself. The enterprise market share lead belongs to Apple's iOS with Android trailing. In fact, the enterprise market share is flipped compared to the consumer market.

Why? Security and various versions of Android make it harder to manage. Samsung set out to change that with container technology that separates personal and work personas---an approach Google is building into Android.

More importantly, Google is aligning Android device makers behind the mobile platform's new enterprise features and Knox so "there's one story to tell," said Android and Chrome chief Sundar Pichai.

Samsung said in a statement that having Knox in the broader Android community will help developers add more enterprise features to their apps. With Samsung's enterprise technology being added to Android rivals will be able to better pitch businesses. However, Samsung said it will "continue to provide the advanced, differentiated, and comprehensive enterprise mobility solution for enterprise customers."

android work1



Topics: Mobility, Android, Google, Samsung, Enterprise 2.0

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Make Money from Google

    Start working from home! Great job for students, stay-at-home moms or anyone needing an extra income... You only need a computer and a reliable internet connection... Make $90 hourly and up to $12000 a month by following link at the bottom and signing up... You can have your first check by the end of this week.........................
  • This is very good news for Android

    Two questions:

    1. What is Samsung getting in return from Google? Samsung is, far and away, the dominant OHA smartphone and tablet manufacturer.
    2. Will Knox find its way into the Android Open Source Project, where Amazon and Microsoft/Nokia can take advantage of it for their AOSP-based devices?
    Rabid Howler Monkey
    • What does Samesung get out of it

      Well, they get to push Knox as the defacto enterprise management tool and keep the extra advanced goodies exclusive to Samsung devices. Some IT administrators are lazy and if the easy choice is to choose Samsung mobiles for their enterpirse because it has the extra Knox bells and whistles then that is what they will do.
      As for making Knox freely open to Google competitors such as Amazon and MS...probably not....but perhaps Samsung have not made an exclusive deal so they could make similar deals with them.
      Its big business where the aim is to make money of consumers....not necessarily make the best devices.
  • It seems to me that this will move Android forward ...

    although probably only future devices/versions that get a somewhat standardized build. It is however a start. There are too many Android devices left out in the cold with regard to good enterprise support. This should allow developers to get behind a standardized security model for Android in general. Samsung will benefit from broader application support and more widespread enterprise adoption of Android devices by CIOs.
    • Yes but....

      The Malware is keeping them back. Only today an App was found on the Playstore that wrapped around a legitimate banking app for the purpose of skimming important user details. Though the App was removed by Google after someone alerted them to it....the Playstore is still the wild west the mobile market and enterprises take enough business risks as it is without having to take more when alternative phones are available. Perception or reality is does not matter....its whether executives want to take extra risks.
      • Malware in Google Play can be mitigated somewhat by organizations

        via the use of Google Play Private Channels which allow businesses to essentially create an app store for their employees:

        In this case, the onus will be on the organization's mobile admin to carefully select those apps from Google Play for inclusion in the organization' private channel. A mobile admin is much more likely to be discriminating with apps in Google Play than are most end users.
        Rabid Howler Monkey
        • why bother

          The solution to googles lack of security is to choose another platform that doesn't have androids security problems. why jump through hoops and take on extra work to make android a viable choice?

          The onus should be on Google to keep their store secure.
          • Emacho: "why bother"

            Risk reduction. The biggest malware risk to date for Android users is enabling the ability to side-load apps from unknown sources (sources outside of Google Play). This is easy, keep the setting disabled and greyed out. The next biggest risk is malicious apps that have been introduced into Google Play. Having an enterprise mobile admin create an app store reduces the likelihood that end users will fall prey to these malicious apps. How? The mobile admin will inspect permissions as well as look at reviews of the apps under consideration. Not to mention allowing only those apps that are relevant to the organization.

            It's not unusual for organizations to create app stores for iPhone and iPad users either. And Apple's vetting process for apps is superior to Google's, even if it is not perfect.

            This really isn't any different than organizations controlling the applications that end users are allowed to have installed on their laptops and desktops. On Windows, enforcement is done through least privilege (standard user accounts), group policy (including software restriction policy), AppLocker policies, etc. This makes it difficult for end users to install p2p software, unlicensed software, malicious software, etc. that they might download from the Internet. If an end user needs a new application installed, he/she gets approval from the boss and then talks to IT and procurement (if necessary) about making it happen.
            Rabid Howler Monkey
          • So,

            With your comment of "why jump through hoops and take on extra work to make android a viable choice?", I guess the same can be said in this fashion:

            "Why use SCCM? Why jump through hoops to create a Software Center (of approved apps) and take on extra work to make Windows a viable choice?"

            Of course, your comment history will tell me your reply to this is "It's not the same!" or something to that effect.

            And yet, they are the same. A locked down Windows workstation on a domain can not easily install software downloaded from outside sources and users are forced to use the Software Center / Application Catalog. A locked down Android phone can easily be set up to use a private store and limit apps that the user can install. Same thing, different platform.
  • Android is not allowed in 50 mile radius of an enterprise.

    • Somebody please call the police, then.

    • Owl:Net, where've you been?

      Microsoft's MDM solutions, Intune cloud-management service and Systems Center 2012, support Android devices. More here:

      Good thing too with the Nokia X2 on the way. :)
      Rabid Howler Monkey
    • No real consist in the distant

      So sad Owl can not get it right....
  • So far Knox is used to

    So far Knox has been used to void your warranty if you root your phone.
    And the new security made it so I could not copy files from my Nas to my own SD card using ESFile Server. There was NO way to turn this off which I think GOOGLE did on purpose to force people to use a cloud. (Ya no) So I rooted my phone which means nothing better happen to my Samsung S5 for the first year or I am hosed.
    I am not looking at this as a positive thing at all. More like Handcuffs where none were wanted.
    • It probably wasn't exactly Knox doing this too you.

      Knox is all about the central MDM (mobile device management) people ensuring the security of the phone and its access to corporate resources. What specific policies a company chooses to enforce through what ever MDM solution its using is up to them.

      So long story short: The company IT department probably did this to you based on the company's security policies - it wasn't Knox.
      • SD card issue is Kitkat's fault

        Google did it in Kitkat and it affects every Android running Kitkat unrooted.
        To rectify it back to pre-kitkat SD card functionality, you have to root.
        In order to root Android, it will trip the knox counter on Samsungs (in most cases). If rooting it doesn't trip knox, then the knox implementation is not doing its job.
        This will invalidate warranty and outlaw your device with various MDM setups.
        All we are waiting for is a class action against Samsung, and Google indirectly, for taking away a core functionality and forcing users to root and break warranty conditions, just to use their SD card as they did before the kitkat fiasco.
      • Flat. Out. Wrong.
        From that post (from "Chainfire", a VERY well respected developer in the Android modding community): "Using this root method sets current binary and system status to custom. Additionally, it will also trigger the KNOX warranty void status...The KNOX warranty status change is permanent, and a service center may deny warranty based on this flag - even if the other flags are reset correctly. The KNOX flag being tripped may also prevent certain Samsung KNOX features from working (enterprise security features)."
        From the source: "the “KNOX Warranty Void” bit (or simply KNOX bit) is used to detect if a non-KNOX kernel has been loaded on the device. It is a one-time programmable bit in e-fuse, which can only be turned from “0” to “1” (i.e. burned)."

        No, this is a slap in the face to the Android modding community and a way for Samsung to copy Apple in the "we refuse to honor your warranty for a broken USB connector because root". If it was an enterprise-only situation, fine. I even understand the reasons for having one of these 'e-fuse' kinds of solutions. With things like Triangle Away and RootCloak making a rooted phone look unrooted, in conjunction with rooted phones being able to 'fake' things in userspace, I understand the need for a solution of this nature. If Samsung was limiting this only to being a flag for enterprise users and allowing them to treat it as they wished, then they would give some kind of indication for it in their warranty provisions: "phones with the Knox e-fuse tripped shall be limited to hardware only defects; issues related to software (including 'boot loops', 'soft-bricking', and similar) will not be honored". The fact that they won't fix a defective USB connector if the phone is rooted fully thwarts the notion that Knox isn't intended to help minimize the number of warranty issues they have to face.

        Google baking this sort of functionality into Android, if not explicitly for this reason, is at the very least a nice bonus for them.