1. Splashtop Business - Support
  2. Usage & Deployment
  3. Access Android Devices

Enable remote control for Android 15 Samsung devices via OEMconfig

Avatar
April.yang

Based on the Samsung announcement, from Android 15 (Knox 3.11) onwards, apps must run as the Android Enterprise Device Owner (DO) of a fully-managed device, or the Profile Owner (PO) of a work profile, to access select Knox SDK features.

This means our app, Splashtop Streamer/SOS, will not be able to access the Knox SDK on Android 15 Samsung devices, which prevents unattended remote screen capture and control.

Additionally, some Android 14 Samsung devices might also face similar restrictions due to their system implementation.

 

Solutions

  • Attended access:
    • For personally owned devices, the only way to enable remote screen capture and remote control is to manually grant Accessibility. Therefore, it's only suitable for attended access.
    • To use it properly, please check your Knox add-on, make sure the for [Screen Capture], the chosen option is [System screen capture]:
  • Unattended access:
    • For devices managed through MDM, OEMConfig is the recommended method to address this issue and achieve unattended access. This article will use Intune and Google Workspace as examples to illustrate the steps:
      • Important: Regardless of which MDM platform you're using, the parameters required for the Knox Service Plugin remain the same. Since the configuration is handled by the Knox Service Plugin itself, it is independent of the specific MDM solution in use.

 

The OEMconfig steps on Intune

Step 1: Push Knox Service Plugin app and Splashtop Addon: Samsung (Knox) app to target Samsung devices. (Please make sure your Knox add-on version is v3.11.2+)

 

Step 2: Go to Devices in the left pane of Intune console, choose Configuration profiles in the middle pane, and click create profile in the right pane. Select Android Enterprise as the platform and OEMConfig as the profile type in the pop-up, then click Create.

intune-7-en_us.png

Step 3: Give the profile a name, and select Knox Service Plugin as the associated app in the right pane.

intune-8-en_us.png

Step 4: In the Configuration settings page:

  • [Profile Name] Input a name for the setting profile
  • [Allowlisted DAs]: Click Configure besides Device-wide policies, in next screen, add our Knox add-on into the DA allowlist:
    • Allowlisted DAs — Input the string "com.splashtop.streamer.addon.knox"
  • [Enable device policy controls]: Click Configure besides Device-wide policies, in next screen, turn on “Enable device policy controls”: mceclip1.png

 

  • [Enable application management controls]: Click Configure besides Application management policies, in next screen, turn on “Enable application management controls”:

  • [Enable Add applications for accessing the Knox SDK]: Go to the Application management policies section, in next screen, turn on the "Enable Add applications for accessing the Knox SDK"

  • [Add Splashtop Knox add-on for accessing the Knox SDK]: Click Configure besides  Add applications for accessing the Knox SDK. In next screen, click the three dots besides [Add applications for accessing the Knox SDK] of the content tree, select [Add setting]. In the next screen, input:

    • Package Name — Input the string "com.splashtop.streamer.addon.knox"

    • Signature — (Optional) Specify app signature
    • Scope — Choose [REMOTE CONTROL]

 

  • You can check if any settings are missing according to the following figure:

Step 5: Save and set the Assignment to push to the target devices.

 

 

The OEMconfig steps on Google Workspace

Step 1: Set "Force install" of Knox Service Plugin app and Splashtop Addon: Samsung (Knox) app to target Samsung devices. (Please make sure your Knox add-on version is v3.11.2+)

 

Step 2: Go to Apps in the left pane, choose Web and mobile app in the middle pane, then click the  and Knox Service Plugin app item. Choose Add managed configuration:

Step 3: In the Configuration settings page:

  • Name the managed configuration
  • [Profile Name] Input a name for the setting profile
  • [Allowlisted DAs]: In the Device-wide policies section, find Device admin allowlisting section, add our Knox add-on into the DA allowlist:
    • Turn on  "Enable device admin controls"
    • Allowlisted DAs — Input the string "com.splashtop.streamer.addon.knox"
  • [Enable device policy controls]: In the Device-wide policies section, turn on “Enable device policy controls”:

  • [Enable application management controls]: In the Application management policies section, turn on “Enable application management controls”:

  • [Enable Add applications for accessing the Knox SDK]: In the Application management policies section, turn on the "Enable Add applications for accessing the Knox SDK"

  • [Add Splashtop Knox add-on for accessing the Knox SDK]: Click Configure besides  Add applications for accessing the Knox SDK.  In the next screen, input:

    • Package Name — Input the string "com.splashtop.streamer.addon.knox"

    • Signature — (Optional) Specify app signature
    • Scope — Choose [REMOTE CONTROL]

Step 4: Click Settings of Knox Service Plugin, in the next screen, choose your configuration as the Managed Configuration, and save the settings.

 

 

The OEMconfig steps on IBM MaaS360

Please refer to the document: Remote control on Samsung OS15 devices

 

0 out of 0 found this helpful

Articles in this section

See more