I've got a locked Samsung Galaxy Note 10+ 5G (running the latest android 10 and patches) The phone is locked with a pattern (unknown) What are my chances of any data extraction with cellebrite or other forensics tools while I can not unlock the phone? Also how secure is Knox efuse? will it damage the phone/data when an untrusted bootloader is detected?

I was reading on the Knox platform enterprise documentation online and I came across a policy that takes an action upon OS tamper detection. Also on another site (Knox manage 24.09 release notes ) it just says that this option is recently introduced with the 24.09 update to the Knox manage client. So my question here is, Does this policy **only apply** or **take effect** if Knox manage client is installed?, assuming someone managed somehow to tamper with the OS and bypass the factory reset protection, and managed to flash a custom firmware or something else, will the device get locked down without Knox manage client installed?

On Samsung devices there's a /system/app/AASAservice/AASAservice.apk with app id *com.samsung.aasaservice*. It seems to be tied to ASKS Security Software via AASA_ASKSManager . What is it for? One bit of information was posted on reddit : > This is an application for updating terminal security policies. > > - Update existing security policies to suit the latest security > technologies and issues. > - This app is designed to reduce security risks and keep information > safe > > (Pulled from app description, translated from Korean). Apparently something as Samsung's equivalent to Android Device Policy . What is the origial app description in Korean? Are there official Samsung docs, maybe in Korean? Can it be safely disabled if not using Samsung services?

I bought a Galaxy Tab S6 and I'm going to verify if it is really brand-new. I personally haven't alter the device and the above picture is from this device's Download mode screen immediately after my purchase. It reads: - RPMB fuse Set - KG STATUS : PRENORMAL I have no idea whether

fuse Set

is a factory state. Is it? Concerning

STATUS

being

, I don't think this as a factory state (it seems the seller has already tried to flash an unofficial ROM or perhaps tried to flash back the official ROM from Android 10 to 9) Do you see any clue that could be used to prove that this device is not in factory state and not brand-new?

Passwords saved in Samsung Pass will be stored in Knox Vault. So, are the passwords saved in Google Password or other third parties also stored in Knox Vault?

I have the company owned Samsung Galaxy. I probably have MDM software on my phone - I see I have Knox 3.3 version, TIMA 3.3.0 and there apps: "Knox Analytics Uploader, "Knox Enrollment Service", "KnoxVpnPacProcessor", "Enterprise Sim Pin Service", WlanTest, "MDMapp". It is likely that administrators also use the Intune environment. From what I've read, MDMs don't have the access to things like downloaded files or internet history unless they connect the user through a VPN or proxy, is this true? In my case in the phone's settings under connections there's stance "No VPNs". Also there's "none" in proxy connection settings. **My question is**, can I be signed up to a corporate proxy or VPN without knowing it (not having the infomation about it in the phone settings I mentioned)? I would be very grateful for information from people who know about this. Thanks!

I recently purchased a Samsung A23 and today I "factory reset" it. The first screen that appears during first boot (after "factory reset") says the following: > Knox Deployment > > Samsung's Knox Enrolment Service enables you to enrol your phone with > a company. Select an option below to start enrolment. > > Bluetooth: Enrol by pairing your phone with your IT admin's device. By > proceeding, you agree to allow access to your phone's location. > > Wi-Fi Direct: Enrol through a Wi-Fi Direct connection to your IT > admin's device. By proceeding, you agree to allow access to your > phone's location. > > QR code: Enrol by scanning a QR code. By proceeding, you agree to > allow access to the camera. I have never enrolled with Knox before, and I can do nothing with my IT admin's device because I have no IT admin. I am confused by the wording used on this screen. Does this screen mean that my phone has ***previously*** been enrolled with Knox i.e. that I need to know the credentials of the previous enrolment for me to be able to continue to use the phone? Or is this screen trying to get me to enrol my phone with Knox ***for the first time***? TIA.

I am having problems setting the kernel to permissive (SElinux). I have already tried the setenforce 0 command with terminal but it immediately goes back to enforcing as soon as I set the setenforce 0 command. So I finally got fed up and decided to monitor what was actually going on in my phone by using a logcat. After looking at the logcat, I found a line of code that could be setting the kernel to enforcing by default. Here is the code: /audit ( 6001): type=1404 msg=audit(1479393162.929:264): config_always_enforce - true; enforcing=1 old_enforcing=1 auid=4294967295 ses=4294967295 The config_always_enforce is set to true so that means I should probably set this to false. Unfortunately I don't know where this value is in my system. Does anyone have any idea? I have a Galaxy S6. Also, I removed all the Knox apps, but everytime I reboot, I get Knox folders reappearing and a file called knox emulated in the /storage folder. Have I not removed all the Knox apps? I will post my logcat that way ya'll can take a look at it. I hope you all can help me because I really want a custom ROM so I can use Xposed.

I have a Samsung S20FE with Android 11 and rooted with Magisk. I have installed 'autostarts' from F-droid wanting to disable the Spotify app which pops up at each boot. When browsing through the app list, in section "After startup", there was this Knox system app which is some kind of encrypted vault and which is not working anyway on rooted phone, and I just clicked on it to remove the "after startup permission". Then this screen immediately appeared : "Phone Locked (4224) [...] because Device Services was uninstalled without authorization" ... and I could not find a way to get rid of it. What I still can do: - Power off and restart the phone - take screenshots! - receive Signal calls - probably many other things since it seems everything is running fine below this locking window - and most important, connect via adb and enter commands with a rooted shell I have tried via to 'pm install-existing' a few systems apps, to change permissions like 'xxx_BOOT_COMPLETED' to com.samsung.android.knox.kpecore, but it either did not do anything or it just said ok but did not work after a phone restart. Any idea ? - more precisely, how 'autostarts' works? is it just a GUI equivalent of 'pm grant/revoke' ? - can I fix /data/system/users/0/package-restrictions.xml ? I tried to access it but it is binary format and not sure how to manage it. I read that deleting it will just create a brand new one at the next boot. - any idea of system app or permission to change ? - if my last option is a factory reset, what would be the less intrusive option to avoid messing with personal data inInternal storage and or SD card ?

I understand that KNOX is specific to Samsung, but I'm wondering if other Android manufacturers employ similar mechanisms of permanently modifying the phone if you make software changes (ie blowing an efuse if you unlock the bootloader of your device so that even relocking the bootloader does not reset the phone.)

I bought a used Samsung Galaxy S23 from a large online seller. How can I check that all the software and firmware is original and not tampered with? I already did a factory reset from the settings menu. I'm wondering if there's a way to check the bootloader, firmware and other important systems. I tried rebooting into Download-mode (phone off, hold both volume buttons and plug in USB power), and the Knox status says KG STATUS: CHECKING(00). It never updates away from "CHECKING". Note that I don't have a SIM card yet. The phone was sold as originally Verizon locked but is now unlocked.

When I first started learning about installing custom ROMs like LineageOS, it wasn't long before I was made aware of the security implications involved, particularly with unlocking the bootloader. The rooting is not as big an issue in itself once the custom ROM installed from what I know. The ROMs come with things preinstalled and configured the way they should be. Rooting more risky for security on a non-flashed device, but in the case of installing a custom ROM, it's still important to know the implications of leaving the bootloader unlocked. The device I had at the time was a Galaxy A20 and not officially Lineage supported. Being my first Galaxy device, I noticed this new feature set called Knox. From what I know about Knox it is a hardware-based security scheme. This sounded like something pretty fail-safe to me when I first heard about it, and something that would probably be better left alone. When I first learned that rooting has the side affect of affecting your device's security, in the particular case of my Galaxy device, Samsung Knox was one of the first things that crossed my mind. I can only assume that rooting the device would nullify most of the benefits of the Knox security platform. It was at this point I decided that, as much as I may want to de-Google my phone, until I upgrade to an officially supported Lineage device, a custom ROM would probably not be ideal for my case with the A20 running Samsung Knox, due to the security implications involved. For context, I'm a longtime Tracfone user and have never invested much into my mobile device. The last couple phones I've owned have had enough limitations and missing features to persuade me to upgrade early. I finally decided to step it up and upgrade to a Galaxy S10e. This device is officially supported by LineageOS, but being a Galaxy model, it still has Samsung Knox. I am excited to finally own a custom ROM officially supported device, but again, my primary reason for upgrading was the storage space and feature set. I'm still trying to weigh the benefits between testing Lineage and giving up Knox. Perhaps a Pixel with Graphene would be a better device to de-Google but I am new to custom ROMs so between what I learned about having an unlocked bootloader and the benefits of running Samsung Knox, I've sort of reached a point of needing more info on Knox. I don't really know the specifics of what I'd be giving up by rooting a Knox device. I am aware of some of the soft features such as secure folder and secure WiFi. That's about it though. Some reviews even indicate it might not be all it's played up to be. But this page from Samsung's website has me pretty sold on its ability to block advanced attack methods by implementing government grade-security. Reminds me of some new PC features like secure boot and core isolation. I need to ensure my device's data is protected and safe if lost or stolen. Some of what I've read has made me wonder if this is even a use case for Knox. It seems like it according to Samsung though. It then occurred to me, "can I 're-lock' the bootloader, so to speak?" If I were to do this, would it be at all comparable to my formerly Knox-secured device? Is it even possible? That's when I discovered that Android has something called user-settable root of trust . The problem with locking the bootloader after flashing a custom ROM is the risk of the bricking the device. From what I can tell, this is where user-settable root of trust comes in. On certain Android devices, the user can add the new ROM as a valid signature when the device boots. So in summary it appears one thing I can be sure of is that if I root a Galaxy device, I will be giving up Samsung Knox because the Knox Warranty Bit will be tripped. But perhaps there is a way to either encrypt the device or implement user-settable root of trust, depending on the device. Would such a device keep its data secure if lost or stolen and how well would this compare to stock ROM running Knox?

I have a galaxy s8+ (model number: SM-G955F). It is knox tripped but the build status is still official. But when trying to update to the April 1st 2021 software update it downloads all the way, does a restart but then says error and does not update. Is there a way to fix it or does the fact that knox is tripped mean I can no longer update security patches?

I bought this Samsung Galaxy M12 (SM-M127G/DS, Exynos 850, 6000 mAh battery, India version) about 11 days ago. Since then I have been dealing with this RMM state issue, struggled to find a way for OEM unlock to show in developer options, and then root the device but no luck, no fix, or whatever. Things I have tried: - Waited 7 days (+168 hours) after signing in to my Google and Samsung accounts. - Factory reset 3 times so far. - Tried the change date and time trick. - Tried the update trick. After all of these, nothing worked, so then I thought that maybe removing Knox via ADB will solve this issue. Is it possible? Will it damage the device? Will it solve this issue?

Our company purchased 100's of Samsung Tablets. We need to install Samsung KNOX on all of them. Right now, we need to power on every device and manually connect to WiFi and download Knox. I'm wondering if there's any alternative where we can just connect it to a computer and have some software on the computer that will connect to the tablet and take care of the all the setup steps.

If you have Knox installed in your Samsung device and you try to root the device using the Kingo root app, will it brick your device?

I have a Samsung Galaxy Note 3 (N9005), and it has a problem with GPS. It's definitely a hardware problem, as I changed the software and did everything, software-wise, to fix it, but no use. I would like to send it for repair, but my knox bit is 0x1. I searched A LOT... on how to reset that, and I couldn't find a clear answer. (if you know one that's working, I'd appreciate that). **My question is:** What is Samsung's statement on knox warranty? Is it that I lose warranty on everything if my knox bit is 0x1 or just to software issues? Many people have said many different things and I'm confused! I couldn't find any official source from Samsung explaining this... could you help me find one? Thanks.

I have problem with KG State prenormal on my Samsung Galaxy A8. So, I installed TWRP, after I installed SaboorROM, and after connect to WiFi, the device set's the KG state to Prenormal and I was unable to boot into TWRP or into SaboorROM. So I installed Stock ROM (AP: A530FXXSBCTC4 | CSC: A530FODXBCTC2). After install I enabled Developer settings and OEM was already unlocked. So I tried to "date|time changing experiments" to reach KG state checking, but nothing worked. Than I was about 500 hours if KG state will change, nothing :/ OEM: unlocked FRP: unlock KG: prenormal Binary: 11 Android: Pie **How to change KG state?**

I currently own a Samsung device with 730g snapdragon processor,I wish to root the device After some research what I have understood is, Exynos processors Have efuse, which can be blown when unsigned code is run during boot(when trying to root) and essentially trips knox permanently Since my phone has Qualcomm Snapdragon processor, would it trip knox permanently when I try to root the device?

I own a Galaxy tab a 10.1 with s pen (2016). I flashed via odin, twrp 3.1.1.0 and the system booted fine. Then I flashed the last version of SuperSU and since then the system doesn't turn on and I get the famous Verification failed. Unable to restart your device. The integrity verification has failed. You need to restart your device to factory default settings. This will erase your data. As I can't access my data in twrp, I tried to flash no-verity-opt-encrypt (6.0) but it doesn't help and I still can't access my data on the internal storage from twrp. Before I do a factory reset, I'd like to backup my data. Do you know if it's possible or how can I fix this error? Will flashing the stock firmware help?