Google details Samsung Knox integration in Android L

Google is set to shore up enterprise support in its upcoming Android L release. Aside from improving the core set of APIs developers and IT administrators can use, the Mountain View-based search giant is partnering with Samsung to offer a set of non-hardware specific Knox features across the Android L ecosystem.

Now in its second iteration, Knox offers Samsung Galaxy S and Galaxy Note users the option to compartmentalize work data on a personal device, protecting vital enterprise data from being shared with other apps, and to protect both the user and the company in cases of theft or loss.

Google separates Knox integration into three categories: Device and Data Security; Support for IT Restrictions and Policies; and Mobile Application Management.

The first comprises the ability to separate data on work and personal apps. Google says it will treat personal and corporate apps as two separate users, employing the multi-user functionality that was built into Jelly Bean. According to the Android developers blog, “personal and corporate applications will run as two separate Android users.”

“Data is kept safe by using block-level disk encryption as well as verified boot technology. For those of you familiar with KNOX, this is analogous to KNOX Workspace.”

The new Android SDK APIs are taken from Knox and let IT administrators set policies and restrictions for individual or groups of Android devices connected to a single network through provisioning. They can also push out apps, restrictions and updates remotely.

Samsung plans to offer a a “Knox Compatibility Library” for Android developers to port their Knox-only applications to the rest of Android.

At this point, it looks like Samsung will still offer a number of hardware-specific features with Knox that will only be available on select Galaxy devices, such as Trusted Boot, Customizable Secure Boot and “Trustzone-based Integrity Measurement Architecture.” These features ensure that users cannot modify the device’s kernel, or mess with the boot process, which is often how malware is injected into secure devices.

In other words, all of Android L will offer Knox, but only Samsung will offer Premium Knox.

It’s a hard Knox life.