Unauthorized App Access

[sehmusaydogdu]

Describe the bug

I am trying use Android SDK 24.01. I made framework level integration.

To integrate at the Framework level, do the following tasks:

1. Add the Client SDK.
2. Add the Framework.
3. Initialize the Framework.

Even though I followed all the steps, I get the following error

Caused by: java.lang.RuntimeException: Unauthorized App Access. Add app to console and install via Anchor app. Error code: -71

Reproduction steps

1.Even though I followed all the steps, I get the following error

Caused by: java.lang.RuntimeException: Unauthorized App Access. Add app to console and install via Anchor app. Error code: -71

Expected behavior

I waited for the User Interface Screen Capture Images to appear.

https://vdc-download.vmware.com/vmwb-repository/dcr-public/35935117-d488-476d-80ee-35059e08902c/6d9256f5-662f-4359-8888-bc7549096dd9/WorkspaceONE_Android_BaseIntegration.pdf

Additional context

No response

[Maddy79]

@sehmusaydogdu - The App has to be deployed via WS1 Intelligent Hub, the device needs to be enrolled to WS1 UEM console.

[sehmusaydogdu]

@Maddy79 - Actually, we did the same thing, but the error continues. Is there anything else to check?

[Maddy79]

How is the device enrolled, Legacy Android enrollment OR Android Enterprise ( PO / COPE etc)

[sehmusaydogdu]

We enrolled Android Enterprise

[Maddy79]

Is it possible to share the logcat logs ?

[sehmusaydogdu]

The log is as follows:

2024-02-29 13:27:06.228 4437-4437 AndroidRuntime com.architecture.application E FATAL EXCEPTION: main Process: com.architecture.application, PID: 4437 java.lang.ExceptionInInitializerError at com.airwatch.sdk.context.awsdkcontext.SDKDataModelImpl.isDeviceUDIDInitialized(Unknown Source:0) at com.airwatch.sdk.context.awsdkcontext.handlers.AWDeviceIDHandler.handle(Unknown Source:11) at com.airwatch.sdk.context.awsdkcontext.handlers.SDKBaseHandler.handleNextHandler(Unknown Source:76) at com.airwatch.keymanagement.unifiedpin.LoginPrecheckHandler.handle(Unknown Source:12) at com.airwatch.sdk.context.awsdkcontext.chain.SDKLoginSplashChain.process(Unknown Source:87) at com.airwatch.login.ui.activity.SDKSplashActivity.onResume(Unknown Source:28) at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1603) at android.app.Activity.performResume(Activity.java:9119) at android.app.ActivityThread.performResumeActivity(ActivityThread.java:5399) at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:5507) at android.app.servertransaction.ResumeActivityItem.execute(ResumeActivityItem.java:57) at android.app.servertransaction.ActivityTransactionItem.execute(ActivityTransactionItem.java:45) at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:180) at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:98) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2685) at android.os.Handler.dispatchMessage(Handler.java:106) at android.os.Looper.loopOnce(Looper.java:230) at android.os.Looper.loop(Looper.java:319) at android.app.ActivityThread.main(ActivityThread.java:8913) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:608) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1103) Caused by: java.lang.RuntimeException: Unauthorized App Access. Add app to console and install via Anchor app. Error code: -71 at com.airwatch.util.NotificationUtility.notifyAppNotAccessible(Unknown Source:74) at com.airwatch.core.AirWatchDevice.loadNativeLibs(Unknown Source:61) at com.airwatch.core.AirWatchDevice.(Unknown Source:76) at com.airwatch.sdk.context.awsdkcontext.SDKDataModelImpl.isDeviceUDIDInitialized(Unknown Source:0) at com.airwatch.sdk.context.awsdkcontext.handlers.AWDeviceIDHandler.handle(Unknown Source:11) at com.airwatch.sdk.context.awsdkcontext.handlers.SDKBaseHandler.handleNextHandler(Unknown Source:76) at com.airwatch.keymanagement.unifiedpin.LoginPrecheckHandler.handle(Unknown Source:12) at com.airwatch.sdk.context.awsdkcontext.chain.SDKLoginSplashChain.process(Unknown Source:87) at com.airwatch.login.ui.activity.SDKSplashActivity.onResume(Unknown Source:28) at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1603) at android.app.Activity.performResume(Activity.java:9119) at android.app.ActivityThread.performResumeActivity(ActivityThread.java:5399) at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:5507) at android.app.servertransaction.ResumeActivityItem.execute(ResumeActivityItem.java:57) at android.app.servertransaction.ActivityTransactionItem.execute(ActivityTransactionItem.java:45) at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:180) at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:98) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2685) at android.os.Handler.dispatchMessage(Handler.java:106) at android.os.Looper.loopOnce(Looper.java:230) at android.os.Looper.loop(Looper.java:319) at android.app.ActivityThread.main(ActivityThread.java:8913) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:608) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1103) Caused by: java.lang.UnsatisfiedLinkError: Bad JNI version returned from JNI_OnLoad in "/data/app/~~etYPzlXMn-UZib2g8PAtxA==/com.architecture.application-ngHxlovgkWbOqaCkfVKYww==/base.apk!/lib/arm64-v8a/libcoredevice.so": -3 at java.lang.Runtime.loadLibrary0(Runtime.java:1082) at java.lang.Runtime.loadLibrary0(Runtime.java:1003) at java.lang.System.loadLibrary(System.java:1661) at com.airwatch.core.AirWatchDevice.loadNativeLibs(Unknown Source:9) at com.airwatch.core.AirWatchDevice.(Unknown Source:76) at com.airwatch.sdk.context.awsdkcontext.SDKDataModelImpl.isDeviceUDIDInitialized(Unknown Source:0) at com.airwatch.sdk.context.awsdkcontext.handlers.AWDeviceIDHandler.handle(Unknown Source:11) at com.airwatch.sdk.context.awsdkcontext.handlers.SDKBaseHandler.handleNextHandler(Unknown Source:76) at com.airwatch.keymanagement.unifiedpin.LoginPrecheckHandler.handle(Unknown Source:12) at com.airwatch.sdk.context.awsdkcontext.chain.SDKLoginSplashChain.process(Unknown Source:87) at com.airwatch.login.ui.activity.SDKSplashActivity.onResume(Unknown Source:28) at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1603) at android.app.Activity.performResume(Activity.java:9119) at android.app.ActivityThread.performResumeActivity(ActivityThread.java:5399) at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:5507) at android.app.servertransaction.ResumeActivityItem.execute(ResumeActivityItem.java:57) at android.app.servertransaction.ActivityTransactionItem.execute(ActivityTransactionItem.java:45) at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:180) at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:98) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2685) at android.os.Handler.dispatchMessage(Handler.java:106) at android.os.Looper.loopOnce(Looper.java:230) at android.os.Looper.loop(Looper.java:319) at android.app.ActivityThread.main(ActivityThread.java:8913) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:608) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1103) 2024-02-29 13:27:06.236 4437-4514 DJINNI com.architecture.application E java.lang.NoClassDefFoundError: failed for class com.airwatch.core.AirWatchDevice; see exception in other thread at com.airwatch.crypto.openssl.OpenSSLCryptUtil.updateOpenSslSeed(Unknown Source:54) at com.airwatch.crypto.openssl.OpenSSLCryptUtil.getInstance(Unknown Source:106) at com.airwatch.util.RandomGenerator.genRandomKey(Unknown Source:0) at com.airwatch.crypto.provider.AWSecureRandom.engineNextBytes(Unknown Source:8) at java.security.SecureRandom.nextBytes(SecureRandom.java:480) at java.math.BigInteger.randomBits(BigInteger.java:719) at java.math.BigInteger.(BigInteger.java:692) at com.vmware.xsw.settings.providers.internal.MasterKeyFromRSA.getOrCreateMasterKey(MasterKeyFromRSA.kt:67) at com.vmware.xsw.settings.providers.internal.MasterKeyFromRSA.encryptSymmetricKey(MasterKeyFromRSA.kt:43) at com.vmware.xsw.settings.providers.internal.AndroidDefaultAESCipher.getKey(AndroidDefaultAESCipher.kt:48) at com.vmware.xsw.settings.providers.internal.AndroidDefaultAESCipher.build(Androi 2024-02-29 13:27:06.238 4437-4514 WS1_ASMLog com.architecture.application E (Logger.cpp.88) java.lang.NoClassDefFoundError: failed for class com.airwatch.core.AirWatchDevice; see exception in other thread 2024-02-29 13:27:06.240 4437-4514 WS1 com.architecture.application E onSDKException: Report from secure preference. code = APP_STATUS_ENDPOINT

[Maddy79]

Thanks @sehmusaydogdu - we will check and update.

[Maddy79]

@sehmusaydogdu - as per the logs, the app did not get installed from the WS1 Hub App Catalog on the device, please confirm.

[sehmusaydogdu]

The following steps were followed.

1. apk file has been created.
2. Hub App Catalog added.
3. Then the application was downloaded from Hub Catalog.
4. The application received an error.
5. To examine the tablet logs, Android Studio was connected via USB (developer mode was turned on).
6. The error received was still the same.

[sehmusaydogdu]

@Maddy79 Do you have any observations or developments?

[Maddy79]

@sehmusaydogdu we are checking this. One quick question, how are you integrating SDK, is it adding the libs OR via the maven repo.?

[Maddy79]

@sehmusaydogdu - since the device is AE enrolled, can you trying adding the apk to enterprise PlayStore from UEM and on the device go to enterprise Playstore and install the app

[sehmusaydogdu]

I created a libs folder.

app/build.gradle file content:

dependencies {

implementation fileTree(include: ['*.jar'], dir: 'libs')

implementation "androidx.datastore:datastore-preferences:1.1.0-beta01"
implementation 'androidx.core:core-splashscreen:1.0.1'
implementation 'io.insert-koin:koin-core:3.4.0'
implementation 'io.insert-koin:koin-android:3.4.0'

implementation (files('libs/room-ktx-2.5.0.aar'))
implementation (files('libs/room-runtime-2.5.0.aar'))

// client sdk
implementation (files('libs/AirWatchSDK-24.01.aar'))
implementation (files('libs/FeatureModule-android-2.0.2.aar'))
implementation (files('libs/sdk-fm-extension-android-2.0.2.aar'))
implementation (files('libs/ws1-android-logger-24.01.aar'))

// framework sdk
implementation(files('libs/CredentialsExt-102.1.1.aar'))
implementation(files('libs/openssl_fips-1.0.2zi.aar'))

implementation 'androidx.legacy:legacy-preference-v14:1.0.0'

//implementation(files('libs/sharedpreferencesprovider-1.4.3.4.aar'))
implementation(files('libs/SCEPClient-24.01.aar'))
implementation(files('libs/ws1-sdk-oauth-api-lib-24.01.aar'))
implementation(files('libs/xsw-crypto-android-22.5.2.220920191432.aar'))

implementation(files('libs/AWFramework-24.01.aar'))
implementation(files('libs/VisionUx-2.2.6.aar'))
implementation(files('libs/attributesprovider-22.7.0.220803095958.aar'))
implementation(files('libs/chameleon-android-22.7.2.221020165719.aar'))
implementation(files('libs/AWComplianceLibrary-24.01.aar'))
implementation(files('libs/work-hour-access-sdk-android-24.01.aar'))
implementation(files('libs/aw-framework-native-lib-24.01.aar'))
implementation(files('libs/opdata-android-22.7.0.220803154657.aar'))
implementation(files('libs/settings-22.7.0.220803095958.aar'))
implementation(files('libs/supercollider-22.7.0.6.aar'))
implementation(files('libs/encryptedpreferencesprovider-22.7.0.220803095958.aar'))
implementation(files('libs/module-settings-22.7.1.220803111420.aar'))
implementation(files('libs/httpprovider-22.7.0.220803095958.aar'))
implementation(files('libs/memoryprovider-22.7.0.220803095958.aar'))
implementation(files('libs/biometric-1.1.0.aar'))
implementation 'com.google.code.gson:gson:2.10.1'

// Third party libraries that are distributed with the SDK.
implementation("com.squareup.moshi:moshi-kotlin:1.14.0"){
    exclude group: 'com.squareup.okio', module: 'okio'
    exclude group: 'com.squareup.moshi', module: 'moshi'
}
implementation 'com.squareup.moshi:moshi:1.14.0'
implementation 'com.squareup.moshi:moshi-adapters:1.14.0'
implementation 'com.squareup.okio:okio:3.2.0'

// default
implementation 'androidx.appcompat:appcompat:1.6.1'
implementation 'com.google.android.material:material:1.11.0'
implementation 'androidx.navigation:navigation-fragment-ktx:2.7.7'

}

[Maddy79]

Thanks @sehmusaydogdu , please confirm on the PlayStore query also.

[sehmusaydogdu]

We do not use Google Play Store because our applications are internal apps. For this, we upload the apk file to the vmware airwatch application catalog. (we do not use public google play store)

[Maddy79]

@sehmusaydogdu , since the device is Android Enterprise enrolled, can you try uploading the app via Enterprise PlayStore from WS1 UEM?

[sehmusaydogdu]

Let's try it and share the result.

Is there a solution to this for a local environment?

[sehmusaydogdu]

We already uploaded via WS1 UEM to the enterprise store. The error received was still the same.

[Maddy79]

@sehmusaydogdu , so you see the app in Enterprise PlayStore on the device..rt?

[sehmusaydogdu]

i try download private google play store and it does not work. i try download hub App catalog added store and it does not work.

[Maddy79]

@sehmusaydogdu - I will suggest to raise a SR ticket with our support team so that we can get in call with you and look into this.

[Maddy79]

@sehmusaydogdu - were you able to raise the SR ticket?

[sehmusaydogdu]

Our last point;

Full MDM mode setup is not working the application is crashing ( log: Unauthorized App Access. Add app to console and install via Anchor app.) But hybrid(work manage) mode (with work profile) setup is working. Per APP VPN is opening a Tunnel and the application is working.

We opened VMware Technical Support ticket, return is expected

[Maddy79]

@sehmusaydogdu - So as per above , same App when installed on an Work Managed device works fine, whereas it crashes when installed on an Fully Managed (DO mode).

[sehmusaydogdu]

If there is no action to be taken on your side, I can close the case.

[Maddy79]

@sehmusaydogdu - can you please confirm my comments above, you can keep this open, until we get it via the SR internally.