The truth about Samsung Knox for Android security

The higher-level security technology for select Android devices isn't really available yet, despite the hype

Page 2 of 2

Finally, you need to activate the Knox service on your device; otherwise, it won't work. The good news is that the MDM provider will activate the service for you. The bad news is you'll pay a monthly per-user surcharge to the MDM vendor to work with Knox, a fee charged by Samsung. The MDM vendors that will soon support Knox and be able to sell you Knox activation are Absolute, AirWatch, Centrify, Citrix Systems, Fixmo, MobileIron, SAP, and Soti. (Some of these vendors, such as Fixmo, have trial deployments in place.) Samsung declined to say how much it was charging each month for Knox access. Check with your MDM vendor on its expected availability and surcharge.

[ UPDATED 11/7/13: MobileIron Wednesday announced it was offering general availability for Knox activations; although it has not published its pricing, an executive told me it would be about $4 per month per device. Centrify also revealed it would charge $43.20 per device per year to activate Knox management. Others are sure to follow soon. ]

Today, almost no MDM vendors have an agreement in place to activate Knox, so most companies can't actually use Knox even if they have a compatible device, the Knox software, and a compatible MDM server. Several MDM vendors tell me they expect to work out the required licensing deals with Samsung in the coming days and weeks to enable general availability of Knox activations, so you should be able to finally use Knox this year on compatible devices -- if you're willing to pay.

How Knox relates to Samsung's SAFE security technology
Samsung advertises Knox as a feature in its Samsung Approved for Enterprise (SAFE) technology suite. SAFE is essentially a supplemental set of APIs to the ones Google has in Android, allowing more security and management options to be managed by an MDM server. It also provides 256-bit encryption rather than stock Android's 128-bit.

Knox is placed in the SAFE umbrella by Samsung's marketing, but whereas most recent Samsung devices support the added SAFE APIs and higher encryption level, they do not support the Knox container or its extra management APIs. A Knox-compatible device supports all SAFE technologies, but a SAFE-compliant device does not necessarily support Knox.

Be careful when buying Samsung devices as to what security each actually supports, and decide whether you really want to pay extra for Knox, and if so for which users.

This article, "The truth about Samsung Knox for Android security," was originally published at Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at Follow Galen's mobile musings on Twitter at MobileGalen. For the latest business technology news, follow on Twitter.

| 1 2 Page 2