Samsung KNOX

Samsung deserves a special mention for their KNOX enabled devices. Most people who are familiar with the technology will know of the enterprise integration options. KNOX is also available for the individual, and can be used to secure specific information (accounts) and applications. I used a KNOX enabled Samsung Galaxy S3 as my primary device for two weeks (loaned from a colleague @Samsung) in order to learn about it and be better able to advise people on their options.

KNOX looks like just another app on your device, though when you run it, it comes to the foreground as an isolated environment (almost like a second phone or virtual machine). What is stored in KNOX stays in KNOX, and is not available to the rest of the operating system (or your other apps).

The first important concept to keep in mind when you’re setting up KNOX is that you shouldn’t use the same Google account for your device’s normal activities as you use in KNOX – that defeats the purpose of keeping your personal information in KNOX. If your day-to-day / regular apps all have access to your main Google account (email, contacts, calendar, etc), then the value of KNOX is reduced. Using one account for your device to download apps and use in a “not so secure” environment, and another “private information” account for KNOX is more complex and may add a few seconds to the process, but you can be assured of a higher level of security.

The way this would work is you would keep all of your “normal” apps, social media, flashlights (see previous post for the joke here), and anything that demands more permissions than you *should* be giving in the main Android environment. The Google account for that environment would NOT have your contacts, and would NOT be used for email. When you want to read/write emails, view contacts, or do anything with your personal information, you would open KNOX (tap the icon for it), type your password, and then have access to do whatever it is that you want to do. When you’re done, you would close KNOX and go back to social media, web browsing, and whatever apps that you use regularly in the less secure environment.

Samsung has released a few good documents about KNOX, and technologically it seems like a very good way to isolate your personal / private information and protect it from all the potentially malicious apps that exist for Android. One important point to mention is that if you root your device, then you lose access to your KNOX data. On some devices, if you root the device you will never be able to use KNOX again – so be careful and do your research!

Personally, I prefer using another device for my day to day (non corporate) activities, though if I had a need to protect a subset of my data/apps/information while still using my device in an insecure location, I would probably choose a KNOX enabled device.

UPDATE Q3 2014 : I’ve advised a few clients through KNOX implementations (in corporate and BYOD environments), and the general response from users is that they appreciate not having their entire device restricted as they’ve experienced with other vendor solutions. In these implementations their personal information and apps were available in the main Android environment, and their corporate email/contacts/calendar and apps were secured in the KNOX environment.