During Google I/O 2014 we learned that Samsung and Google were teaming up to bring at least parts of Knox technology over to Android, in the form of a new Android for Work feature. This immediately led some to speculate that Samsung would be canning Knox altogether in favor of Android for Work, though Samsung latter denied this and promised Knox would continue to be actively developed.
So what exactly is the difference between Knox and Android for Work? Today both Google and Samsung have released statements to their respective blogs highlighting what Android for Work has borrowed from Knox and what’s different. In a nutshell, Android for Work contains all the non-hardware-specific Knox features including Security Enhancements for Android, enterprise APIs (derived from Knox APIs) and Knox’s data separation technology.
This means that hardware-dependent features like TrustZone will remain specific to Knox, and Knox will exist on top of Android L’s enterprise features for Galaxy owners, with Knox APIs acting as a superset of the new enterprise APIs. Here’s a full list of features from Knox that are not a part of Android for Work:
• TrustZone-based Integrity Management Architecture (TIMA)
• Real-time Kernel Protection
• Client Certificate Management (CCM)
• Trusted Boot-based Key store
• Remote attestation
• Trusted Boot
• Biometric authentication
• KNOX Smart Card Support
• Government-certified KNOX components
• Common Criteria
• STIG standards (FIPS certified crypto library, FIPS VPN, audit, etc.)
Just like Knox, you still get enterprise-level security, block-level disk encryption, and verified boot technology on non-Samsung devices but the overall presentation will be different. Most noticeably, instead of Knox Workspace, Google has its own managed profile system that will work a bit like the existing profiles feature found on Android tablets. Each phone/tablet will have just one managed profiled and IT policy managers will have centralized control over certain functions allowing them to enable and disable specific apps, set specific restrictions, wipe managed profile data and more.
Bottom-line, Knox and Android for Work are related and should perform similarly, but there are some differences. For developers, the most important takeaway is that applications built using Knox APIs will play nicely with Android L devices.