How to block personal apps from accessing work data on Knox device

expand collapsive

Hi Hexnode Connect! I am in dire need of assistance. Our firm provides employees with cell phones for work. These devices are fully managed through Android Enterprise and enrolled as Device Owner. We are flexible with how employees use their devices. Recently, we have noticed sensitive files downloaded from the work email and shared around through personal messaging apps like WhatsApp. We want to prevent this from happening. Taking away all privileges from employees would be harsh, so is there a way to block these apps from accessing sensitive data?

All Replies

  • Thank you,@Gretchen, We will look into this. I am curious whether we have a middle ground where users don’t have to switch between profiles. There can be some friction when it comes to change. Btw, we use Samsung Knox devices for work. Will that be of help?

  • Hi @abbi,

    Welcome to Hexnode Connect!

    You are in luck! We have a workaround that might work for you. You can configure and deploy the Knox Service Plugin app on your Samsung Knox devices and utilize the Separate Apps configuration to sandbox third-party apps not vetted by IT admins from accessing confidential work data. Of course, it does not guarantee to be as secure as work profiles, but it sure is handy.

    To deploy the Separate Apps configuration,

    Knox Service Plugin

    • Save the configuration. Under the same policy, add Knox Service Plugin as a Mandatory app and associate the policy with target devices.

    Once the policy is associated, the Knox Service Plugin app is installed on target devices. Now, The KSP app will install the listed Separated Apps to be installed in a securely separate folder.

    We hope this meets your requirements. Feel free to ping us for any queries.


    Ethan Miller