IT debris

KNOX app separation - continued

· Remy

We have been using app separation (a KNOX feature) for about two and a half years on a large scale (thousands of users) now. App separation helps to allow apps not entirely in our control on our fully managed devices by separating them from our business apps. This makes our mobile workplace more versatile and reduces the need to do something on a personal or unmanaged device.

  1. All the previously mentioned issues and limitations still exist at the same level. On a positive note, we did not encounter any new big issues.

  2. After an Android major upgrade (from 12 to 13) the icon cache was corrupted on some devices.

    The app separation container seemed empty with everything lost. After changing the background of the folder or adding an additional app all the apps reappeared.

  3. During an Android major upgrade (from 12 to 13) the app separation container disappeared or was reset for a very small percentage of users.

    Those users lost all their apps and related data contained in app separation. It was impossible to reproduce and get logs or a dumpstate for Samsung support to investigate on. We suspect the seed of this issue was created during initial setup of the device and came to expression during the upgrade from Android 12 to 13.

    This issue and the seemingly empty app separation folder from #2, which also looks like a loss of all apps and data in app separation, led to extra calls to our service desk and some hesitancy to upgrade by our end users.

  4. During a major upgrade settings are reapplied and new features and behavior becomes active.

    A few apps that use Bluetooth to connect to peripheral devices started to work.

    On the other hand we lost the ability to take screenshots in app separation. We have always disabled taking screenshots through our MDM, but on Android 11 and 12 this setting wasn’t applied in app separation. After the upgrade to 13 that setting became getting applied in app separation. I prefer this consistency but a few of our users had an issue with the loss of the screenshot functionality. There is no way to exert direct control over these kind of settings in app separation so we couldn’t roll back this change.

  5. More apps are adding dependencies on Google services (especially ad and payment related stuff) that only exist for user 0 limiting the usefulness of app separation.