About 85% of smartphones nowadays run Android. The latest version of Android, Android 5.0 Lollipop, is a big release for Google's mobile OS. It comes with a UI overhaul, a number of reworked features and a few additional new features. Among these new apps is Knox.

Knox is known to be installed on Samsung Galaxy devices. One example of a Samsung model that uses Knox is the Samsung Galaxy S4. As Samsung's advertising explains, Knox is a container that improves the user experience and provides security for enterprise data by creating a secure zone on the employee's device for corporate applications. The enterprise data is encrypted whether at rest or in motion. The KNOX Workspace container provides users with an isolated, secure environment within the mobile device, complete with its own home screen, launcher, applications and widgets for easier, more intuitive and safer operation. Applications and data inside the container are separated from those outside it.

Knox is approved by the US Department of Defense and, recently, by the NSA. However, an "unnamed researcher" claims to have found that KNOX keeps its security PIN in an insecure place: it is stored in a plain text file named pin.xml.

Responding to this finding, Samsung published a blog post denying that the PIN is easy to access. Only trusted system processes are able to retrieve the PIN, and in the event of any system compromise, KNOX Trusted Boot will lock down the container key store.

Some say that Android security lags behind iOS security. Which one should we trust? Only extensive testing will answer that.