The uneasy tango between Samsung and Google continues with the integration of Samsung KNOX into Android L. After speculation from Forbes that the Samsung KNOX initiative would be abandoned by Samsung which was quickly put to rest by the manufacturing behemoth, it seems like both companies are giving some clarification to their new partnership.
The first clarification that Samsung made in its Samsung KNOX blog was to clarify the nature of the partnership between Google and the South Korean company; rubbishing many rumours that the latter would be taking a step back from the development of KNOX and that Google would be taking over. Instead, they reiterate that Samsung KNOX remains in active development at Samsung and under Samsung’s control. In fact, Samsung KNOX will remain as a standalone application and platform that will be offered exclusively on Samsung devices.
“Samsung remains in complete control of Samsung KNOX and we will work closely with Google to deliver a unified, secure implementation of Android to the enterprise.”
Google reiterates this sentiment and states that Samsung will be contributing parts of their security platform which will be integrated into the upcoming release of Android. Essentially, what will be integrated to the Android L security framework is the backbone of KNOX and its security enhancements of Android. However, features such as TrustZone-based Integrity Measurement Architecture (TIMA), Real-time Kernel Protection, Client Certificate Management (CCM), Trusted Boot-based Key store, Remote attestation, Trusted Boot, Biometric authentication, KNOX Smart Card Support, Government-certified KNOX components, Common Criteria and STIG standards (FIPS certified crypto library, FIPS VPN, audit, etc.) will remain features which will be exclusive to Samsung’s KNOX and Samsung Devices. What these features have in common is they are mostly hardware features which will tap directly in to the hardware specific features of the device.
“Samsung KNOX will offer differentiated features on top of Android ‘L’ to serve the unique needs of businesses who will benefit from the combination of Samsung software and hardware.”
Android L and Samsung KNOX
So what exactly is Samsung KNOX bringing to Android L? According to Google in the Android Developers’ Blog, Google and Samsung have designed application programming interfaces (APIs) on/using Samsung KNOX keeping three main concepts in mind for enterprises: Device and data security, Support for IT policies and restrictions and Mobile application management.
The first concept: device and data security will be taking advantage of the Multi-user feature already available in Android since Android 4.2 JellyBean. The feature is, as of now, only functioning on android tablets. Google essentially means that data separation and security will be achieved by incorporating the multi user API. What this means is that corporations and enterprises will be able to keep their data secure essentially by creating a user profile that will isolate apps, data and accounts based user accounts. In addition, the data is isolated from the rest of the device using block-level disk encryption as well as verified boot technology – features those who use Samsung KNOX are familiar with as KNOX workspace. In Android L, corporate IT administrators will be able to create a managed profile to do this.
This will enable the second concept: Support for IT policies and restrictions, into play. Using this framework which are based on APIs which have “evolved” from Samsung KNOX APIs. These APIs will allows corporate IT administrators to enforce policies ranging from certificate provisioning to system settings to application-specific configurations and restrictions. Leading to the third concept: Mobile application management. Using APIs, which are, again, based on KNOX APIs,will allow IT administrators to curate and deploy application for the corporate profile according to the policies of the corporation. This also includes remote deployment of applications by IT administrators to the corporate profile on the Android device.
As mentioned in the features/concepts of Android L’s “Android for Work”, these applications and layers are all based on APIs of Samsung KNOX. What has happened is that with all these bases baked into Android L, Samsung KNOX becomes a slimmer, leaner application and this superset of KNOX APIs allow Samsung to build and focus on their advanced features of KNOX. This will be done by using software programming to allow these APIs to play nice with Samsung KNOX and its advanced features. This also enables corporations to enforce bring your own devices (BYOD) policies for Android devices running Android L.