Samsung Knox Security
Built to protect
We empower people and organizations to utilize Samsung Galaxy devices without having to worry about security, letting them stay focused on what really matters.
Samsung Knox makes mobile security effortless
From secure hardware to real-time protection, and a comprehensive set of advanced security solutions. All you have to do is turn on your phone and go about your day.
![[Icon] Designed and built secure](/images/secured-by-knox/icon_chip_up.svg){kind=icon}
Designed and built secure
Samsung hardware is built secure—from the design to manufacturing to the moment we put it in your hands, and for years of use beyond. We seek to deliver security throughout all steps with our own supply chain, built from the chip up.
![[Icon] Open to evolve](/images/secured-by-knox/icon_open.svg){kind=icon}
Open to evolve
We strive to evolve our security solutions on a spirit of openness and partnership, starting with Android‘s proven multi-layered security and adding best-in-class technologies to address the constantly changing threat landscape.
![[Icon] Tools for your business](/images/secured-by-knox/icon_security.svg){kind=icon}
Tools for your business
We also create a comprehensive suite of cloud-based solutions that extend the value of Knox security for businesses even farther. Fully optimized for Samsung Galaxy devices, they put IT admins in control and let people do their work securely and productively.
Hardware backed
Trust begins with hardware
Samsung security architecture has always been backed by advanced hardware solutions—and always will be. We build security into each device from the ground up to safeguard your most precious data.
Knox Vault
Safeguarding your most important credentials
Protect your most precious information— passwords, biometrics, PINs, crypto keys—from tampering, probing, side-channel attacks and fault injection. Knox Vault architecture is CC EAL 4/5+1 certified, with a dedicated security chip that only you can access.
Warranty Bit
Access only when trusted
When Warranty Bit detects tampering, access to sensitive apps like Samsung Pay, Samsung Pass, and your Android Work Profile will automatically be blocked to prevent misuse. IT can check Warranty Bit remotely using Knox Attestation, and utilize with other management policies.
Secure Boot
Trusted from the boot up
Ensure device security with on-device, OS-independent integrity checks utilizing TrustZone. If the firmware was rooted or there were changes to system components, they can be found when the device boots up.
Secure Supply Chain
Built by Samsung
Samsung is one of the few companies with strong control over the design and manufacture of its own products.2 This can ensure end-to-end security across the supply chain and throughout the product lifecycle.
Knox Vault
Safeguarding your most important credentials
Protect your most precious information— passwords, biometrics, PINs, crypto keys—from tampering, probing, side-channel attacks and fault injection. Knox Vault architecture is CC EAL 4/5+1 certified, with a dedicated security chip that only you can access.
Secure Boot
Trusted from the boot up
Ensure device security with on-device, OS-independent integrity checks utilizing TrustZone. If the firmware was rooted or there were changes to system components, they can be found when the device boots up.
Warranty Bit
Access only when trusted
When Warranty Bit detects tampering, access to sensitive apps like Samsung Pay, Samsung Pass, and your Android Work Profile will automatically be blocked to prevent misuse. IT can check Warranty Bit remotely using Knox Attestation, and utilize with other management policies.
Secure Supply Chain
Built by Samsung
Samsung is one of the few companies with strong control over the design and manufacture of its own products.2 This can ensure end-to-end security across the supply chain and throughout the product lifecycle.
Previous
Next
Secure Wi-Fi
Safety on public networks
Secure Wi-Fi feature is designed to let you browse the internet safely, even when you’re using unsecured, public Wi-Fi networks.4 It offers protection by encrypting internet traffic and blocking tracking apps, so you can feel safer connecting. Have visibility on your protection history in charts and lists, based on Wi-Fi names.
SmartThings Find
Remote lock for lost devices
SmartThings Find doesn’t just help you locate your lost device. It can remotely lock, erase, or display customized messages at lock screen to secure your data and asset.5
Data Encryption
Multi-layered encryption
When it comes to encryption, you have plenty of options. File-Based Encryption offers separate encryption keys by default. Or you can store materials in our Secure Folder using independent credentials.
Businesses can even secure Android Work Profile data using their specified cryptographic module with DualDAR.3
Permission Manager
Protecting personal data privacy
Permission Manager gives you control over sensitive data like your photos or key functions where data can be leaked, such as the microphone, camera, and GPS. Live Indicator notifies users when apps access the camera or microphone.
Data protection
Secured from the inside and out
Securing your device and data is a round-the-clock commitment. So we built a range of encryption options to guard your data at rest, and more ways to protect your data in transit.
In use on the phone, surfing the web, or even when your phone is misplaced, your data can be in safe hands.
Secure Wi-Fi
Safety on public networks
Secure Wi-Fi feature is designed to let you browse the internet safely, even when you’re using unsecured, public Wi-Fi networks.4 It offers protection by encrypting internet traffic and blocking tracking apps, so you can feel safer connecting. Have visibility on your protection history in charts and lists, based on Wi-Fi names.
SmartThings Find
Remote lock for lost devices
SmartThings Find doesn’t just help you locate your lost device. It can remotely lock, erase, or display customized messages at lock screen to secure your data and asset.5
Data Encryption
Multi-layered encryption
When it comes to encryption, you have plenty of options. File-Based Encryption offers separate encryption keys by default. Or you can store materials in our Secure Folder using independent credentials.
Businesses can even secure Android Work Profile data using their specified cryptographic module with DualDAR.3
Permission Manager
Protecting personal data privacy
Permission Manager gives you control over sensitive data like your photos or key functions where data can be leaked, such as the microphone, camera, and GPS. Live Indicator notifies users when apps access the camera or microphone.
Previous
Next
Continuous protection
Knox never sleeps
Security threats lurk around every corner, and mobile devices are increasingly targeted with sophisticated attacks.
Knox counters these with threat management solutions that run throughout the usage cycle—keeping your digital journey worry-free.
App Security
Keeping malware at bay
Samsung Auto Blocker can stop the side-loading of apps from unknown sources, even if a user accidentally approves it. It can also block USB updates to prevent malicious software from being installed. Google Play Protect regularly scans downloaded apps to detect malware and spyware.
Security Patch
Regular security updates for the long term
Samsung Galaxy devices, regardless of carrier, receive up to 7 years7 of security and OS updates. Application updates can also be automated from Google Play or Galaxy Store.
Defex
App behaviors under control
Defeat Exploit (DEFEX) monitors abnormal app behaviors and takes action. If an app tries to make potentially dangerous requests such as privilege escalation on your device, DEFEX can automatically shut it down.
Message Guard
Protecting against attacks through SMS/MMS
Samsung Message Guard neutralizes potential threats before they have a chance to do you any harm. It automatically isolates and decodes images in a sandbox so your device is unaffected.6
Real-time Kernel Protection
Real-time protection
Knox constantly checks your core layers in real-time, keeping unauthorized attempts from accessing or changing the kernel. It also blocks malicious code from accessing system-level permissions.
App Security
Keeping malware at bay
Samsung Auto Blocker can stop the side-loading of apps from unknown sources, even if a user accidentally approves it. It can also block USB updates to prevent malicious software from being installed. Google Play Protect regularly scans downloaded apps to detect malware and spyware.
Security Patch
Regular security updates for the long term
Samsung Galaxy devices, regardless of carrier, receive up to 7 years7 of security and OS updates. Application updates can also be automated from Google Play or Galaxy Store.
Defex
App behaviors under control
Defeat Exploit (DEFEX) monitors abnormal app behaviors and takes action. If an app tries to make potentially dangerous requests such as privilege escalation on your device, DEFEX can automatically shut it down.
Message Guard
Protecting against attacks through SMS/MMS
Samsung Message Guard neutralizes potential threats before they have a chance to do you any harm. It automatically isolates and decodes images in a sandbox so your device is unaffected.6
Real-time Kernel Protection
Real-time protection
Knox constantly checks your core layers in real-time, keeping unauthorized attempts from accessing or changing the kernel. It also blocks malicious code from accessing system-level permissions.
Previous
Next
Knox Suite
Secure, deploy, manage, and analyze
Knox Suite is a comprehensive set of solutions made by Samsung and optimized for Galaxy devices.
- Ensure compliance with company policies while maximizing worker productivity.
- Designed for flexible use: As a standalone end-to-end EMM, or on top of your MDM/EMM for added controls on Galaxy.
Android Work Profile
Keep work and play separated
Android Work Profile separates work and personal data on a single device, with dedicated work and personal profiles. Have security and control over company data while respecting employee privacy.
Management and Configuration
Powerful mobile device management
Knox Platform for Enterprise is built into Galaxy devices, offering robust and flexible MDM/EMM controls for IT. These are accessible through Knox Suite or a wide range of EMMs using the Knox Service Plugin.
For industries with more stringent requirements, in-depth configuration may be explored for extra protection.
e.g. DualDAR, Hypervisor-based Device Manager (HDM): Peripheral device access control, and more.
Security Center
Check security status on device fleet
Security Center offers detailed insights and visibility on your fleet’s security status. IT admins can maintain device health with early detection of vulnerabilities (CVEs), based on security patch levels and routine attestations.
Galaxy AI
Business-friendly AI with data sovereignty
With Knox Platform for Enterprise, IT admins can set Galaxy AI features to run safely on-device only8, without cloud processing or storage.
Empower users with Galaxy AI productivity tools while protecting work data against leaks or misuse.
Managed Security
Worry-free for work and play
Samsung Knox offers intuitive, yet granular controls to setup and manage devices to suit your organization’s need.
We empower IT admins to manage with confidence and help team members streamline workflows and boost productivity.
Management and Configuration
Powerful mobile device management
Knox Platform for Enterprise is built into Galaxy devices, offering robust and flexible MDM/EMM controls for IT. These are accessible through Knox Suite or a wide range of EMMs using the Knox Service Plugin.
For industries with more stringent requirements, in-depth configuration may be explored for extra protection.
e.g. DualDAR, Hypervisor-based Device Manager (HDM): Peripheral device access control, and more.
Knox Suite
Secure, deploy, manage, and analyze
Knox Suite is a comprehensive set of solutions made by Samsung and optimized for Galaxy devices.
- Ensure compliance with company policies while maximizing worker productivity.
- Designed for flexible use: As a standalone end-to-end EMM, or on top of your MDM/EMM for added controls on Galaxy.
Security Center
Check security status on device fleet
Security Center offers detailed insights and visibility on your fleet’s security status. IT admins can maintain device health with early detection of vulnerabilities (CVEs), based on security patch levels and routine attestations.
Android Work Profile
Keep work and play separated
Android Work Profile separates work and personal data on a single device, with dedicated work and personal profiles. Have security and control over company data while respecting employee privacy.
Galaxy AI
Business-friendly AI with data sovereignty
With Knox Platform for Enterprise, IT admins can set Galaxy AI features to run safely on-device only8, without cloud processing or storage.
Empower users with Galaxy AI productivity tools while protecting work data against leaks or misuse.
Previous
Next
Zero Trust-ready devices and solutions by Samsung Knox
![[Icon] Microsoft Intune](/images/secured-by-knox/microsoft.png)
Microsoft Intune
Protect access to sensitive data with Knox Attestation
With mobile hardware-backed attestation, enterprises can verify a Galaxy device’s integrity before allowing access to corporate resources using Intune MAM.
![[Icon] Cisco](/images/secured-by-knox/cisco.png)
Cisco
Zero Trust Network Access supported on Galaxy devices
Cisco ZTNA on Galaxy devices provides users with role-based, least-privileged access to apps and resources. This protects corporate resources with minimized public exposure, while also granting quick access.
![[Icon] Want more on Knox security?](https://kp4-cdn.samsungknox.com/img/icon-resources 1_FCAY.svg){kind=icon}
Want more on Knox security?
- Evaluation Assurance Lab certification from Common Criteria, an internationally recognized standard for security evaluation. Level of certification and specific architecture detail may vary by device model
- Manufacturing coverage may vary by model.
- DualDAR requires a separate license purchase.
- Secure Wi-Fi availability may very depending on the country, carrier, or network environment. Subscription required for usage exceeding default protection plan.
- Supported on Galaxy smartphones and tablets with at least Android 8, Galaxy Watch3 or higher, Galaxy Buds Live, Galaxy Buds Pro or higher, Galaxy Buds2 or higher. Support services may vary by country/region/carrier.
- Samsung Message Guard supports Samsung Message Guard supports protection against the following image formats: PNG, JPG/JPEG, GIF, ICO, WEBP, BMP, WBMP.
Default messaging app varies by market. One UI 5.1 or higher.
- Up to 7 years, monthly update for 4 years and quarterly for 3 years. Applicable for Galaxy S24 and select later models, starting from the year of respective device model’s release. Specific details may vary by region and model.
- Galaxy AI features by Samsung will be provided for free until the end of 2025 on supported Samsung Galaxy devices. Availability of Galaxy AI features may vary by model or environment.
