So, i have a question/idea..... Is it possible to locate and change the script for the popup box preventing access to samsung pay? My question is based on two things: Before logging in to samsung account, samsung pay didnt acknowledge me as registered, popup appears, preventing access. 2: following my login to samsung accounts via samsung app store, then reopening pay, i was acknowelged as logged into samsung pay.
his
This leads me to believe that the only thing knox is doing is putting a drawable popup activity, overwriting the pay apps ui.
is it possible that changing the scripit for that specific activity to not draw over the ui would allow one to use pay after tripping the security?
please understand i am fairly adept when it comes to android, and completely retarded when it comes to coding. therefore, i wonder if anyone has had a similar idea, or someone with the capability to pursue this line of thinking could enlighten me?
thank you for your time (and noob patience)
johnnieangell said:
So, i have a question/idea..... Is it possible to locate and change the script for the popup box preventing access to samsung pay? My question is based on two things: Before logging in to samsung account, samsung pay didnt acknowledge me as registered, popup appears, preventing access. 2: following my login to samsung accounts via samsung app store, then reopening pay, i was acknowelged as logged into samsung pay.
his
This leads me to believe that the only thing knox is doing is putting a drawable popup activity, overwriting the pay apps ui.
is it possible that changing the scripit for that specific activity to not draw over the ui would allow one to use pay after tripping the security?
please understand i am fairly adept when it comes to android, and completely retarded when it comes to coding. therefore, i wonder if anyone has had a similar idea, or someone with the capability to pursue this line of thinking could enlighten me?
thank you for your time (and noob patience)
Click to expand...
Click to collapse
No it just simply will not work.. Once knox is tripped.. Game over
Related
New to android and captivate, so excuse me if I'm missing something..but it seems that with one's google account being tied into all the functions, including buying in the market with the credit card on file with google..there has to be a setting to not allow the device to be used with a different sim..or some kind of security that will lock down your google account if the phone is stolen? Is something built in..or is there an app out there that people generally use for peace of mind?
EDIT: All of the recent Nokia phones I've had has a setting to not allow a different sim to be used
fldude99 said:
New to android and captivate, so excuse me if I'm missing something..but it seems that with one's google account being tied into all the functions, including buying in the market with the credit card on file with google..there has to be a setting to not allow the device to be used with a different sim..or some kind of security that will lock down your google account if the phone is stolen? Is something built in..or is there an app out there that people generally use for peace of mind?
Click to expand...
Click to collapse
Very interesting. I too would like to know the answer. This is one of the many reasons why I NEVER use:
A) Mobile Banking
B) Purchases of any kind that includes Plastic
C) Setup any accounts that wire account info
Call me paranoid, but hey, it will save you a ton of headache on that unfortunate "if" day. Please keep us posted.
So does anybody have an answer...or at least some kind of marketplace app that is used for security?
So is nobody interested in security? Or is there just no simple solution..one thing that I miss on my Nokia N97 is the remote lock..send a text of a secret word, and poof the device is locked...done
I think people are interested to some degree but no widely known easy method. And just an fyi, rooting your phone and gaining superuser privileges - as many of us have done - creates a big security hole for trogin malware attack, so if you have rooted your phone take care and know what your installing and try to pay attention to anything using super user privileges.
[MODs, I know I have answered this before, but I felt it should be pushed into the main forum so everyone can see the answer. As this is a revised answer, please delete the OLD thread first! (please...)
Ok, so I've been asked a couple of times what knox really is. I've also read this question around the forum many, many times.
I hope this is the final answer that everyone can accept.
So let's start at the beginning... literally, the beginning. Right when you power on, Knox begins it's initial processes. You see, QualComm launched it's own SDK, and with this SDK, you can create your own, Hardware Level binaries, that do not actually run inside of Android. Instead, you can Have them run at initial boot with the other QualComm softwares/firmwares simultaneously. Think of the old "Binary Counter" prior to the Knox Generation.
This poses the question, "What is Samsung Knox?" There are several parts to this answer.
First, Knox describes itself as a type of container. Android, applications, almost every peice of software (to include partitions!) runs inside of the Knox container. Each and every application, process, task, etc, can be licensed to be run inside of this container. There are actually two containers, the secure boot, and the User/Industry/Commercial/Government container.
The secure boot, SELinux for Android, and TIMA (TrustZone-based Kernel Integrity Measurement Architecture) all work together to prevent unauthorized OS/Startup Software from loading, unauthorized changes to the kernel, and unauthorized changes to the operating system itself.
I have nicknamed this the "Tier 1 container." As it precedes, OS start up, but launches after the QualComm proprietary blend.
Second, it behaves as an Application-Specific container as well! (I call this the Tier 2 container). That's right, Knox is a service, a Software Development Kit! Did I just blow your mind? Cool...
You see, Samsung thought it would be cool to reach out to the widest Demographic possible. John Doe, Jane Smith, Fortune 500, the DoD, Government entities, and all kinds of Businesses.
How it works is, a random developer, or company will sign up- and pay, for access to the SDK. Like any other closed software, they receive a license/key to use and operate the kit. Once the app or software is developed, they submit it to Samsung, and receive a license to allow it to run inside of Knox.
So why do this?
Knox allows companies to create apps that the end-user has no real authority over. The user might be able to update/edit documents, media, or maybe fill out a DA or DD form, but he or she will not have control of the app itself. Knox allows each app to have it's own configuration. An example would be that your an IT/IS professional, and you work for multiple companies as an adviser. Each company gives you it's own Knox licensed app so you can pull network stats for each network. Each app will have it's own VPN settings, security settings, password, user availabilty, and more.
Any type of intrusion or intercession to Knox, Knox's policies, or Apps (within the Knox Container) will set off a warning system. This we know as "Knox Notifications." As I've told other users, I don't think that Samsung reports us to AT&T or whomever just because we root our phones, or constantly troll on 4chan, but I do think that it is possible for a given company, or business to create an app that can log just such events.
Knox is its own kind of "asec" container. For more info on this, see the "Works Cited" below.
As for the supported devices, again I will point you to the "Works Cited" below.
If you still have questions after reading this, please visit the SamsungKnox.com page. As this was meant as a brief, quick glance article.
Works Cited:
https://www.samsungknox.com/en
What is Samsung Knox?
What is a Knox Container?
What's the Difference Between Knox and Virtualization?
What's the difference between the Knox license, and the Knox SDK license?
Which Devices are Currently Supported?
Two things to take away from this:
(1) We've obtained root, which means Knox securities can be defeated.
(2) Commands, scripts, and/or binaries can be passed to, ran within, or be exploited by, Knox.
Let's see how far we can smash it into the ground.
I'm still seeing Android System using the lion's share of my battery life and I've started looking at the services running within it. The IPSec service is always near the top of the Android System pile and I was wondering if it's safe to disable it.
Some light Googling is turning up the service is related to VPN networking but there's not much more available (at least at an entry level of understanding). This link provides a decent understanding. I don't use remote access or corporate VPNs. My only real question is if I disable it using the App manager, are there routine functions that might be disabled? Should I be weary about Samsung Pay?
Thanks!
Finaly have you find a solution ? i'm reseaching on google and i can't find how disable ipsec on android , if you have know how do this , please let me know
Root your phone to enable super user abilities, and search for ipsec in rom manager, then disable it.
Realizing Im going back in time.. Or if you have a device like the Samsung S6 Active, an AT&T branded, close to perfect device which I have yet to find a way to Unlock the bootloader and root ..? Try AdHell-2. The link(s) are here at XDA. You must... 1.) Create a Samsung Account, 2.) Apply for a Developers Account SEAP, 3.) Request a License Key, 4.) Toggle On Unknown Sources in Settings/Lockscreen & Security/Unknown Sources, 5.) Install the AdHell-2 .apk, 6.) Then Activate the App by Copying your License Key. * This is a great App which not only serves as a highly-efficient Ad Block, but also allows for the Disabling of System and User Apps. Anyone reading this know of a way to root the S6 Active?
Hi I have a note 4 (marshmallow 6.0.1).
If I tripped knox by either rooting or flashing a custom rom, and then if I decided to revert back say i unrooted and re-flashed the stock rom.
Assuming everything is back normal except that
now you have "knox warrnety void 0*1"
Will I still be able to:
-Enable Knox active protection from Samsung's "smart manager" app.
-Use "Samsung my knox" app
-Use Samsung pay or android pay
-Do OTA updates
Or is having a "stock non-rooted rom" still not enough and you won't be able to do all of the above as long as you have already tripped knox?
(Also apparently you cannot enable it while "rooted" even if you have managed to root it without tripping Knox).
Thanks in advance :good:
I cant confirm things like Android/Samsung Pay, But you cannot use the Knox App anymore. Smart Manager still says protected on mine, and yes OTA updates will work (assuming your not rooted). I'm on stock 6.0.1 rooted myself and I find no issues. Once I got rid of all the bloat. TW actually seems pretty decent. However I do throw on Nova if I want a change.
cash2387 said:
I cant confirm things like Android/Samsung Pay, But you cannot use the Knox App anymore. Smart Manager still says protected on mine, and yes OTA updates will work (assuming your not rooted). I'm on stock 6.0.1 rooted myself and I find no issues. Once I got rid of all the bloat. TW actually seems pretty decent. However I do throw on Nova if I want a change.
Click to expand...
Click to collapse
Amazing thanks for your helpful reply, so you can't use my Samsung knox app. Don't really care about it.
And what happens when you try tp activate "knox active protection" if you have already triggered knox? assuming of course you're not rooted
Does it give like an error?
mandroid email said:
Amazing thanks for your helpful reply, so you can't use my Samsung knox app. Don't really care about it.
And what happens when you try tp activate "knox active protection" if you have already triggered knox? assuming of course you're not rooted
Does it give like an error?
Click to expand...
Click to collapse
I'm rooted at the moment. I don't have exact error right now, but it basically tells me the phone isn't "secure" and cannot use the Knox app. Which for most users it isn't an issue, The Knox app is for someone who wants security for certain things. But overall its for a BYOD environment. A company may want to set up a secure workspace for the email and company files. Then if you ever leave (or lose your phone) they can blow away that information without touching your personal info.
cash2387 said:
I'm rooted at the moment. I don't have exact error right now, but it basically tells me the phone isn't "secure" and cannot use the Knox app. Which for most users it isn't an issue, The Knox app is for someone who wants security for certain things. But overall its for a BYOD environment. A company may want to set up a secure workspace for the email and company files. Then if you ever leave (or lose your phone) they can blow away that information without touching your personal info.
Click to expand...
Click to collapse
Aha I understand now, thank you very much for your helpful response, appreciated.
Reactivation lock will not work if knox is 0x1 - not sure if that's a deal breaker though.
Hi mates.
I've switched from note 3 (greatest phone I've ever bought) to note 8 and I'm encountering a problem with the email configuration.
Actually, on the email application of note 3 I was able to add a personal PGP certificate for signing an email (or even deciphering emails from my contacts). The current Samsung email application seems to not have such feature... can you confirm this to me?
It's about to be weird, since they are spotting the encryption feature into the app description on the play store. Thanks
Interesting. I did a quick test just now and found the same.
The option exists to manually import a series of certificates but that's where it ends.
However, according to the Knox Workspace 2.9 IT Admin Guide, it appears that Samsung wants you to have Knox enabled first and use their default mail client for S/MIME or PGP to be an option.
See here:
https://docs.samsungknox.com/KNOX-Workspace-Admin-Guide/Content/knox-workspace-apps.htm
I'd test further but I've rooted my device so I have no access to Knox.
As a workaround, you could convert PGP to PKCS12 and try to import. Alternately, there appears to be some PGP-compatible apps on the PlayStore.
Good luck!
A_H_E said:
Interesting. I did a quick test just now and found the same.
The option exists to manually import a series of certificates but that's where it ends.
However, according to the Knox Workspace 2.9 IT Admin Guide, it appears that Samsung wants you to have Knox enabled first and use their default mail client for S/MIME or PGP to be an option.
See here:
https://docs.samsungknox.com/KNOX-Workspace-Admin-Guide/Content/knox-workspace-apps.htm
I'd test further but I've rooted my device so I have no access to Knox.
As a workaround, you could convert PGP to PKCS12 and try to import. Alternately, there appears to be some PGP-compatible apps on the PlayStore.
Good luck!
Click to expand...
Click to collapse
Many thanks!
Well... Samsung My Knox has been replaced by Personal Area and even if I configure an e-mail account inside it, the email application doesn't show the "advance" security options.
That's makes me vary mad...
Thank you for pointing that out. I had forgot that 'My Knox' had been retired.
I was pouring through their white papers and what not, and I'm thinking this must've been a business strategy; give consumers a moderate level of security via 'Secure Folders' and leave more advanced features for enterprise environments via 'Knox Workspace'.
See this:
https://docs.samsungknox.com/KNOX-Workspace-Admin-Guide/Content/knox-workspace-apps.htm
The options exists for those utilizing 'Knox Workspace'; even outlines full instructions.
Bearing in mind the samsung side-definition of what a Knox-workspace is, such a feature should be enable even inside the personal area. Idk how can I signaling this to samsung, it seems very weird to me...
Anyway, you gave me material for getting useful information for reporting that to the assistance, at least. Thank you
DarkIaspis said:
Bearing in mind the samsung side-definition of what a Knox-workspace is, such a feature should be enable even inside the personal area. Idk how can I signaling this to samsung, it seems very weird to me...
Anyway, you gave me material for getting useful information for reporting that to the assistance, at least. Thank you
Click to expand...
Click to collapse
No problem. Happy to help.
I've also reached out to Samsung myself to inquire further:
https://www.samsungknox.com/en/contact
Hopefully we can come up with a definitive reasoning.
Update
@DarkIaspis
I have been communicating with Samsung since the start of this thread.
Today they confirmed that PGP was removed, as evidenced by this thread, and only S/MIME will be supported.
I have included a screenshot but have removed any personal details about myself and the contact at Samsung.
A_H_E said:
@DarkIaspis
I have been communicating with Samsung since the start of this thread.
Today they confirmed that PGP was removed, as evidenced by this thread, and only S/MIME will be supported.
I have included a screenshot but have removed any personal details about myself and the contact at Samsung.
Click to expand...
Click to collapse
Hi Darklaspis
Were you able to make it work? I've tried everything but couldn't find a way to encrypt my mail from samsung mail app.
Is there any way you can helpme please?