Based on the Samsung announcement, from Android 15 (Knox 3.11) onwards, apps must run as the Android Enterprise Device Owner (DO) of a fully-managed device, or the Profile Owner (PO) of a work profile, to access select Knox SDK features.
This means our app, Splashtop Streamer/SOS, will not be able to access the Knox SDK on Android 15 Samsung devices, which prevents unattended remote screen capture and control.
Additionally, some Android 14 Samsung devices might also face similar restrictions due to their system implementation.
Solutions
- For personally owned devices, the only way to enable remote screen capture and remote control is to grant Accessibility manually.
- For devices managed through MDM, OEMConfig is the recommended method to address this issue. This article will use Intune and Google Workspace as examples to illustrate the steps:
The OEMconfig steps on Intune
Step 1: Push Knox Service Plugin app and Splashtop Addon: Samsung (Knox) app to target Samsung devices.
Step 2: Go to Devices in the left pane of Intune console, choose Configuration profiles in the middle pane, and click create profile in the right pane. Select Android Enterprise as the platform and OEMConfig as the profile type in the pop-up, then click Create.
Step 3: Give the profile a name, and select Knox Service Plugin as the associated app in the right pane.
Step 4: In the Configuration settings page:
- [Profile Name] Input a name for the setting profile
- [Enable device policy controls]: Click Configure besides Device-wide policies, in next screen, turn on “Enable device policy controls”:
- [Enable application management controls]: Click Configure besides Application management policies, in next screen, turn on “Enable application management controls”:
-
[Enable Add applications for accessing the Knox SDK]: Go to the Application management policies section, in next screen, turn on the "Enable Add applications for accessing the Knox SDK"
-
[Add Splashtop Knox add-on for accessing the Knox SDK]: Click Configure besides Add applications for accessing the Knox SDK. In next screen, click the three dots besides [Add applications for accessing the Knox SDK] of the content tree, select [Add setting]. In the next screen, input:
-
Package Name — Input the string "com.splashtop.streamer.addon.knox"
- Signature — (Optional) Specify app signature
- Scope — Choose [REMOTE CONTROL]
-
-
Step 5: Save and set the Assignment to push to the target devices.
The OEMconfig steps on Google Workspace
Step 1: Set "Force install" of Knox Service Plugin app and Splashtop Addon: Samsung (Knox) app to target Samsung devices.
Step 2: Go to Apps in the left pane, choose Web and mobile app in the middle pane, then click the and Knox Service Plugin app item. Choose Add managed configuration: 
Step 3: In the Configuration settings page:
- Name the managed configuration
- [Profile Name] Input a name for the setting profile
- [Enable device policy controls]: In the Device-wide policies section, turn on “Enable device policy controls”:
-
[Enable application management controls]: In the Application management policies section, turn on “Enable application management controls”:
- [Enable Add applications for accessing the Knox SDK]: In the Application management policies section, turn on the "Enable Add applications for accessing the Knox SDK"
-
[Add Splashtop Knox add-on for accessing the Knox SDK]: Click Configure besides Add applications for accessing the Knox SDK. In the next screen, input:
-
Package Name — Input the string "com.splashtop.streamer.addon.knox"
- Signature — (Optional) Specify app signature
-
Scope — Choose [REMOTE CONTROL]
-
Step 4: Click Settings of Knox Service Plugin, in the next screen, choose your configuration as the Managed Configuration, and save the settings.
Important: Regardless of which MDM platform you're using, the parameters required for the Knox Service Plugin remain the same. Since the configuration is handled by the Knox Service Plugin itself, it is independent of the specific MDM solution in use.