The reason why I ask this specifically is because I know rooting my S4 disabled HDMI output so I couldnt record gameplay on my S4 with a MHL cable so I was wondering if there is a page or thread here that lists all known effects of tripping KNOX counter on S6. Warranty is gone on this phone and cellular isnt working so gotta bring it into Samsung to fix but I have to backup the app data which I can't seem to do without rooting. I've created a full backup with Android Studio (used command prompt with adb backup command) and created a full backup with Samsung Smart Switch and neither backed up app data. So now I have to resort to rooting the phone and using Titanium backup to backup the app data. Its only for 2 social media apps which dont have a way of backing up messages and chat history. Also, either way the warranty is dead but will Samsung straight up deny all help if they see KNOX is tripped? Thanks
edit: re-read post and sounds little confusing. I updated the phone via OTA and some reason it factory reset it right after so lost the app data for those 2 apps. Thats how I know
For me, the most noticeable effect is permanently losing Samsung Pay.
I've had to service my S6 for a camera issue whilst KNOX was tripped (and still within the warranty period); sent it into Samsung and there wasn't any problem with them refusing to fix it.
Obviously your mileage may vary, but I think you should be fine so long as you flash back the stock ROM beforehand.
I have searched xda and stackexchange to get this answer but have not been able to get a comprehensive list of what all will go if I trip Knox. Some answers were very old so I wanna see what all will I lose now with the latest Knox in my S8+? Some of the things I already know but don't care about losing:
1. Samsung Warranty
2. Secure Folder
3. Samsung Pay
4. Banking Apps
My actual concern is about device security as a whole e.g. if my device gets stolen, then except the data in my Secure Folder being secure, is there any other advantage of Knox too? Like the thief wouldn't be able to boot up or use my phone or anything of the sorts? Or the internal storage would be encrypted and there'll be Secure Boot only with Knox? I plan to flash TWRP too so what all am I going to lose? It would be amazing if we get a complete list of Knox features.
If you disable FRP lock to use root stuff, any thief can simply install a new ROM to your device and get full access as an owner without any protection. If FRP lock is enabled (not rooted), the person who steals your phone has to know your Google account login to use the device, otherwise the phone will be a brick stuck in the setup process. When you get the phone back from the thief, you can login with your Google account and have access to the phone again.
If you want to root, go for it, but I don't really see the point right now. LineageOS is not a daily driver yet (amazing that it exists though!), Note 8 ROMs bring only a few new things like different Infinity wallpapers, and things that required root before (f.e ad blocking) can be now done without root.
My banking app works with root but the finger print option is not available because of root. only thing i do miss is secure folder as that does not work.
Hello,
I wasn't 100% sure if this was the correct thread or if I should have posted under the ROM section for this phone. We own a start-up company, and have signed some contracts with some larger companies. In one particular contract, we need to take certain security precautions.
My wife has purchased me a Samsung Galaxy S7 SM-G930W8 (the Canadian model). I live in the USA. It's unlocked and multi-csc (whatever that means). The product code is XAC (I believe that means unlocked). We contacted Samsung to verify that a USA sim card would work in the phone, which it does, and that it wouldn't lock the phone to that sim card, which it doesn't. So we're good there.
We explained the issue about the software. The phone comes with some software pre-installed that we cannot have on the phone if we're going to be using it as a company phone, which we would like to do. Samsung said we could disable most of the apps, which we were aware of, however, the contracts specifically states certain types of programs cannot be installed on our company devices.
I asked them if I where to gain root access and remove those programs, would it void the warranty. They said no. The only way we would void the warranty is if we dropped the phone and damaged it, or got it wet.
What would be the best way to go about removing these programs and trying to get a more cleaner version of Android? I understand that a ROM would have to be specific to this phone, because of the various hardware in the phone. But we are not looking for any "extra" programs that tend to come with ROMs to attempt and make them better. I noticed some ROMs for this phone include a custom installer, where we can pick and choose what we wanted installed. But they also come with customized kernels with various security features disabled (such as a fake version of KNOX).
Could someone recommend the best route to go here? Stability is extremely important, however, so is security. We cannot have unapproved third party apps / mods on the phone, but we have some leigh way there. For example, I could probably get around installing a custom recovery partition because the code on that custom recovery partition is not running while we're accessing company resources. If we have to go the route of using a custom ROM, we'd prefer one that supports over the air updates, but does not force them.
Any ideas?
Thank you and sorry for such a novice question. I had done a good bit of research into this and thought I found the perfect one, just to discover that it appears to no longer be supported and the thread on XDA has been deleted.
**EDIT: I should add that my wife upgraded it to Android 7, but I was afraid that would limit our options, so I downloaded the stock XAC ROM for this phone and used Odin to flash it back on, so it's currently running 6.0.1. I'm not sure if that makes a difference or not.
Thanks!
Am I reading correctly that you must completely remove the apps from the phone, not just disable them? The thread below describes how to disable system apps without rooting or otherwise modifying your phone's firmware.
https://forum.xda-developers.com/galaxy-s7/how-to/root-required-oreo-disable-apps-t3814249
Flashing modified firmware will disable Knox, which is something you might not want to do in your case. Also, if you're contractually bound as far as security precautions go, you're probably going to want to update to the latest Oreo firmware and keep it up to date with any security updates as they are issued by Samsung.
Hai Karate said:
Am I reading correctly that you must completely remove the apps from the phone, not just disable them? The thread below describes how to disable system apps without rooting or otherwise modifying your phone's firmware.
Click to expand...
Click to collapse
I apologize in advance if I get your gender incorrect, a quick google search shows your name is unisex. I am going to assume you are a male, until otherwise told so. Yes sir, you are reading correctly that I must completely remove the apps from my company devices, including this phone. I appreciate that my wife bought it for me, but she doesn't fully understand the business like I do and I don't think she really thought it through. I imagine it costed a good bit of money, so I'd hate to have her send it back because I cannot remove the apps.
I appreciate the links to the threads, however, I already know how to disable the apps, but that is not enough. They physically cannot be installed based on what they're capable of doing (ie, a potential for viewing documents / schematics / pcb layouts labeled as confidential or highly confidential, or even worse, being poorly written in such a way where the program is exploitable and someone gains unauthorized access to our network, the certificates we have installed on the phone, etc.)
Hai Karate said:
Flashing modified firmware will disable Knox, which is something you might not want to do in your case. Also, if you're contractually bound as far as security precautions go, you're probably going to want to update to the latest Oreo firmware and keep it up to date with any security updates as they are issued by Samsung.
Click to expand...
Click to collapse
[/QUOTE]
Updating to Oreo is something that we will be wanting to do, but something I have been holding off on, in case I have to flash a modified firmware, or ROM as it's sometimes referred to. As for Knox being disabled, I actually believe that is something we are going to need to happen, have it disabled. We use special software that provides similar functionality that Knox provides, but is a lot more advanced. We actually use a few products for that.
I do have to admit that my knowledge regarding cell phone firmwares is a bit limited, although I do write firmware for other custom created devices. My worries with custom firmware are:
1) Certain security features (excluding Knox) might be disabled or removed (ie, the ability to encrypt the internal flash, encrypt the MicroSD card, having SELinux turned off, having secure boot disabled)
2) The firmware containing programs that most people would find useful but stuff I cannot have. If I have the ability to uninstall it, that's okay, I can do that. But if it's stuck, like it is now, where I can only disable it, that is not okay.
3) Something being installed without my knowledge.
Our security setup checks company phones to see if they're rooted, and if they are, it marks the device as non-compliant. I can have a device as non-compliant for a few hours....but if it's marked as non-compliant for a few days, one of the larger companies we're dealing with call to ask why, and then we have to do a secure session, where they login to one of our devices, but cannot physically click anything, just look, and have us go into various software to see why it's non-compliant, and, well, it's not fun.
We had it happen once because my wife accidentally sent an email from a personal device to a in-house email address, which never got encrypted, and it triggered a security audit, which was not fun at all and I'd rather not go through that again.
Are there no bloat-ware free signed official images or is there no way for a developer to import a signing key into the device to keep secureboot enabled? Also, out of curiosity, why would running a custom firmware disable Knox? In our case, that's something we need, however, I was just curious. And if we go the route of custom firmware, is there a way to show that it's gone, or will all the custom firmware's install a fake version of Knox?
Thank you for taking the time to answer my questions. I really do appreciate it. I know how precious time can be, how busy a person can get, and I realize I have a lot of questions here, but I really need to make sure we're secure.
One of the programs we'll have on there is something called Symantec Endpoint Mobile. I am not sure if you have heard of it or not, but that provides virus protection, etc.
So CSC contains the regulatory information for my country and the providers....my phone is a Canadian phone. I thought Canada did not have Straight talk, yet, my wife's straight talk sim worked. I noticed in the recovery menu, it shows multi-csc. Does that mean my phone has the country specific stuff for more than one country? I'm wondering if I should try changing it to a US phone.
AP contains the kernel, the recovery partition, the system partition, and the bloatware, right?
BL is simply the bootloader.
If I could gain root on this phone without flashing a custom ROM or maybe somehow by just flashing something like TWRP without voiding the warranty, I could just modify the meta-data for the apps that I need to uninstall to allow them to be uninstallable, correct?
Since I went from a partial install of 7 back down to 6.0.1, my camera does not work. I'm wondering if it's because the ROM I used wasn't the correct ROM. It was the G930W8VLU2API1 ROM, minus the CSC, which was G930W8OYA2API1.
I've tried a factory reset, I've reflashed the ROM, using the non-HOME CSC, I've wiped the cache partition....still no camera. It simply says Warning Camera failed. I tried a few of the tricks I've read about on the net to fix it, but so far, no luck. Cleared the data and cache for just about every program, including the camera. I believe the problem might be because I have internet turned off right now, no sim card in, and even though I have automatic updates turned off, the phone still started to download an update.
Did Android 6.0.1 show Secure Boot status in Download mode? My wife, with the same phone, but the American AT&T unlocked carrier version (we paid full price), her's has a Secure Boot: Enabled. She's also running 8.0.0. With my 6.0.1, all there is is a Secure Download, which she also has, but no Secure Boot listed at all.
If secure boot is disabled, I should be able to flash any custom BL without tripping Knox, even if it's not signed.....right? I know with my datacenter, the bootloader changes even a bit, the servers and workstations are not booting, unless I sign the bootloader with my MAK.
**EDIT: Also, what exactly are these z3x things I see on the gsmhosting site? It's hard understanding exactly what they do based off their description because I don't think the developers native language is the same as mine. I go to z3x-team.com, and it almost looks like the device can do almost anything with the Samsung....upgrades, downgrades, unlock codes (wtf?), etc. Is it just a scam or are they worth the investment?
**EDIT2: I made a mistake. I guess there's some special Samsung Knox policy that gets applied to Samsung only devices, that configures it in some sort of way to make it compliant, so Knox has to stay.....
Hi Guys,
I've installed a bunch of apps to check for root including Safetynet and I'm actually in fact unrooted just bootloader unlocked and using latest version of LightROM.
Unfortunately no matter using magisk core or uninstalling everything, hiding from system and hiding the banking app it still detects Root and that's SUPER aggravating.
Is there a way to know exactly what checks is failing when an app is attempting to detect Root as I said I haven't even rooted yet..
The apps are SBM mobile and Juice byMCB.
Thanks for your help!
Airbag888 said:
Hi Guys,
I've installed a bunch of apps to check for root including Safetynet and I'm actually in fact unrooted just bootloader unlocked and using latest version of LightROM.
Unfortunately no matter using magisk core or uninstalling everything, hiding from system and hiding the banking app it still detects Root and that's SUPER aggravating.
Is there a way to know exactly what checks is failing when an app is attempting to detect Root as I said I haven't even rooted yet..
The apps are SBM mobile and Juice byMCB.
Thanks for your help!
Click to expand...
Click to collapse
It says detecting root but it's actually detecting Knox has been tripped via modification.
It's well known that some banking apps and others will never work on a phone that has or had a custom Rom installed at some point.
cooltt said:
It says detecting root but it's actually detecting Knox has been tripped via modification.
It's well known that some banking apps and others will never work on a phone that has or had a custom Rom installed at some point.
Click to expand...
Click to collapse
Thanks for your answer.. So I checked with a knox checker app and it can't tell knox was triggered saying it's 0x0 (I know the efuse was tripped but magisk apparently can hide it at least from non system apps) and all the root checkers and safetynet checkers I ran could not see anything.
I wish I knew what exactly tripped this app, not sure if an app developer can open it up and see the logic in effect at startup?
What are my options now?
Since I tried removing root/magisk - did not help
1. Flash stock? knox would show up as 0x1
2. throw away the phone as it will from now on never run this banking app? that seems super extreme and when I asked before unlocking BL everyone was adamant banking apps were not a problem anymore.. sigh
Airbag888 said:
Thanks for your answer.. So I checked with a knox checker app and it can't tell knox was triggered saying it's 0x0 (I know the efuse was tripped but magisk apparently can hide it at least from non system apps) and all the root checkers and safetynet checkers I ran could not see anything.
I wish I knew what exactly tripped this app, not sure if an app developer can open it up and see the logic in effect at startup?
What are my options now?
Since I tried removing root/magisk - did not help
1. Flash stock? knox would show up as 0x1
2. throw away the phone as it will from now on never run this banking app? that seems super extreme and when I asked before unlocking BL everyone was adamant banking apps were not a problem anymore.. sigh
Click to expand...
Click to collapse
Yeah those Knox checking apps are a load of rubbish to be honest. You can check if Knox has been tripped by booting into recovery and checking the Knox counter ,top left, bottom text.
When a phone is modified in any way which almost always requires root, an entry is made in the EFS partition which cannot be altered or you will lose IMEI and other critical data. As I mentioned some banking apps don't care about mods since when the app is used the connection is encrypted end to end but obviously some banking apps just won't take the risk and don't run full stop. This is why some people are saying what their saying about resetting/hiding Knox. Also as you know Knox is a physical efuse so how can software reset or hide it.
People just getting confused due to some apps working and some not but it's due to what I've just explained.
In future all banking apps are moving to completely non function if a phone has been modified so if this is important to you on a new phone ,don't ever root it.
cooltt said:
Yeah those Knox checking apps are a load of rubbish to be honest. You can check if Knox has been tripped by booting into recovery and checking the Knox counter ,top left, bottom text.
When a phone is modified in any way which almost always requires root, an entry is made in the EFS partition which cannot be altered or you will lose IMEI and other critical data. As I mentioned some banking apps don't care about mods since when the app is used the connection is encrypted end to end but obviously some banking apps just won't take the risk and don't run full stop. This is why some people are saying what their saying about resetting/hiding Knox. Also as you know Knox is a physical efuse so how can software reset or hide it.
People just getting confused due to some apps working and some not but it's due to what I've just explained.
In future all banking apps are moving to completely non function if a phone has been modified so if this is important to you on a new phone ,don't ever root it.
Click to expand...
Click to collapse
If that's really the direction things are going it's pretty sad. Android turning into crapple.
Anyway I was wondering how an app (Bank) could have access to the real knox status while another not (the app I used detected 0x1 without magisk and 0x0 with magisk)
I don't want a world where I can't bootloader unlock my phone.. Already I regretted not bootloader unlocking it because it's 2019 and android can't backup all my app data yet. So if I factory reset, bam all my redownloaded stuff has no saved data (or most of it) and that annoys the hell out of me. There should be a way to basically nandroid a backup to your computer or sd card and restore that whenever you feel.
I was super bummed a month ago, my stock unrooted s7e was extremely slow and unusable, after rooting, and installing LightROM all went back to being fluid. I was about to spend good money for a new phone now I can't use my banking app at all and I'm *****ing cause I use it on a daily basis.
Airbag888 said:
If that's really the direction things are going it's pretty sad. Android turning into crapple.
Anyway I was wondering how an app (Bank) could have access to the real knox status while another not (the app I used detected 0x1 without magisk and 0x0 with magisk)
I don't want a world where I can't bootloader unlock my phone.. Already I regretted not bootloader unlocking it because it's 2019 and android can't backup all my app data yet. So if I factory reset, bam all my redownloaded stuff has no saved data (or most of it) and that annoys the hell out of me. There should be a way to basically nandroid a backup to your computer or sd card and restore that whenever you feel.
I was super bummed a month ago, my stock unrooted s7e was extremely slow and unusable, after rooting, and installing LightROM all went back to being fluid. I was about to spend good money for a new phone now I can't use my banking app at all and I'm *****ing cause I use it on a daily basis.
Click to expand...
Click to collapse
How can some apps see knox and not others? Read only access to the EFS partition.
Samsung (along with all phone Manufactures) develop their firmware together with all the big app developers who intend to use the platform. The banking sector has been hit hard with all kinds of IT related fraud especially with mobile banking. Banks simply cannot rely on customers to secure mobile devices so the choice is, block their app from functioning on a device that has been compromised in any way shape or form whatsoever or carry on taking the hit for banking fraud. If i was a bank i know which option i would choose, especially as governments are ensuring banks refund customers for their own stupidity.
With regards to open source and Android community mods, while it's been great there is a serious downside to it. More and more companies & developers are protecting their work and intellectual property. Mods will become harder and harder as much tougher security is built into apps and firmware. It's enervatible. Nobody makes money from phones which don't track your usage habits or can't show ads etc. We are all the product!
Lets not even talk about built in obsolescence.
cooltt said:
Yeah those Knox checking apps are a load of rubbish to be honest. You can check if Knox has been tripped by booting into recovery and checking the Knox counter ,top left, bottom text.
When a phone is modified in any way which almost always requires root, an entry is made in the EFS partition which cannot be altered or you will lose IMEI and other critical data. As I mentioned some banking apps don't care about mods since when the app is used the connection is encrypted end to end but obviously some banking apps just won't take the risk and don't run full stop. This is why some people are saying what their saying about resetting/hiding Knox. Also as you know Knox is a physical efuse so how can software reset or hide it.
People just getting confused due to some apps working and some not but it's due to what I've just explained.
In future all banking apps are moving to completely non function if a phone has been modified so if this is important to you on a new phone ,don't ever root it.
Click to expand...
Click to collapse
I must admit I find it sad that no one found a workaround It used to be that the community could outsmart the manufacturers now it seems maybe they all got employed instead
I guess we had a good run
Hi all,
As per title, did you have to unroot for work reasons or did you find a way around the issue?
It's basically starting to become more of a hassle than a luxury to keep root on my 7 pro currently given the ever more ability for some apps to detect root. If I had a choice I would stay rooted. I've done the whole hide, rename, etc, that typically hides detection, but to no avail. Safetynet is passing.
Basically i'm just wondering is it possible to create a work profile on the phone and completely hide root from it? I've tried, but root is still being detected, but it could be some step i'm missing. T.I.A.
Yeah, my company wouldn't let me even set up Slack with my bootloader unlocked. I've been wanting to try some of these Android 11 ROMs coming out, but I need Slack and other services to be alerted when I'm away from my laptop. It's a bummer.