this post was submitted on 25 Jan 2026
544 points (99.3% liked)
Technology
79298 readers
3485 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yep, Samsung Knox is the feature name; does it actually prevent things or is it just "tamper evidence" for corporate devices?
It's the blanket name for their security architecture. The thing that makes sure your kernel is blessed, tries teo tell if you're rooted, then sets a fuse flag if anything is off. It also provides a secure, encrypted profile for your phone that bifurcates apps, data, blocks screenshots. The data from the flag is available to apps to tell that your phone is potentially insecure. For the most part, they only block Samsung banking/pay apps and make your secure partition inaccessible.
My next phone will be something degoogled. hopefully something linux.
I've already wiped an old disconnected android phone for use with my drone/cameras that require a mobile device.
According to the linked article it prevents the use of Samsung Pay and access to the Secure Folder (an extra layer of security you can enable that requires a second PIN to be input before you can access certain apps and files). This seems pretty reasonable, the goal is clearly to prevent access to especially sensitive data if someone has stolen the phone.
It's not reasonable in my opinion.
I can maybe understand not wanting other operating systems in their attestation chain that is protecting a payment system from the standpoint of liability.
All of the other things are entirely hardware features that any OS should be able to use. They're using the ARM Trusted Execution Environment (ARM TrustZone) and a embedded Secure Element to enable the ability to store cryptographiclly secured files without the system ever having access to the keys.
Both TEEs and eSEs are not a Samsung invention or IP and are enabled by hardware on the device, the TEE is part of the ARM standard and is used in a huge number of other OSs (https://en.wikipedia.org/wiki/ARM_architecture_family). Secure Elements are also widely used pieces of hardware supported by innumerable OSs and also a feature of the hardware that you paid for.
GrapheneOS also claims it's not defending against anything real. Which makes sense as Pixels can clearly maintain security while allowing alternate OSes. So this is just hostile vendor lock-in. Disappointing as there was some speculation that OP would be the GOS OEM, but there's no way they would do this is that was true.
Sad. Having used the OPX, OP6T, OP9, and briefly the OP10, I can honestly say their hardware is usually pretty good. I went to Graphene on a Pixel for the software. Software was always Oneplus' weak point so it's extra silly that they're doing this. So many hobbyists have bought OP hardware and used it with software of their choice. They started co-developing their Oxygen OS with Oppo a while back and that's when it really went to hell.
They started developing Oxygen around the time of OnePlus 2. I used my OnePlus One into 2020, it was a nice phone. It’s sad to see how they’ve gone down this nasty path.
That makes sense. I figured they were worried that an alternate OS would be more likely to exploit their encryption somehow, but if it's all using industry standard hardware then it really ought to be open.