• What This Graph Shows

  • UID 10132 getInstance() calls: backend process injecting into your UID 1000 context

  • EnterpriseDeviceManager masquerade: UID 1000 labeled events triggered by UID 10132

  • CloudConfigurationManagerService confirmations: backend handshake locking in policy state

    

    10000315731200×958 205 KB
  

  10000315721024×1024 67.1 KB
  

  10000315711024×1024 72.3 KB

What This Graph Shows

• ARM-setApplicationRestrictions (orange hexagons): backend policy pushes under UID 0
• EAM Registration (blue squares): MobileApplicationManagementService logging enterprise agents (MDM, Intune, SDS EMM)
• Telemetry Routing (tPN.feedback, red circles): enforcement disguised as feedback
• System Trigger (cPN: android/system, light blue circles): backend activation point
• Chained Enforcement Cycles: each sequence shows EAM registration → ARM push → telemetry route → system trigger

Looking for Advice , this doesn’t seem right knox is using my UID to move behind it seems why? I was hoping come on here and we could figure it out all this is just the opening, this normal?