Open viwod opened 9 months ago
gastaffo
commented
9 months ago Could you attach a crash log or along with the SDK verison? We could then symbolicate on our end to see whats crashing.
Is your app using [BGTaskScheduler registerForTaskWithIdentifier:] to handel the calls? If so you need to to add "FinishLaunchingAtStartup" = TRUE to your IntuneMAMSettings plist.
viwod
commented
9 months ago Thanks for your response, I have fetched a couple relevant crash files and can send them over via e-mail, what's a good e-mail address to contact you at?
And we are using registerForTaskWithIdentifier, and we currently have "FinishLaunchingAtStartup" = TRUE on our IntuneMAMSettings plist at the time of the crash
gastaffo
commented
9 months ago gastaffo@microsoft.com
gastaffo
commented
9 months ago You could also just attach them here
viwod
commented
9 months ago Thanks @gastaffo, I've emailed those crash files to you
viwod
commented
9 months ago About the behavior that occurs when a user sets a pin protection requirement in the app protection policy, when a timeout period is set and that timeout period is exceeded, a pin check is required before the user can access the app. This timeout seems to also block other behavior (i.e. incoming VOIP calls).
Within our app when the crash occurs, something is inhibiting some app lifecycle events on startup that prevent us from registering to PushKit. This only occurs when the pin protection requirement timeout has exceeded, and the pin check-in is required. This crash does not happen when a pin protection requirement is not enforced, or if the timeout set has not yet been exceeded.
What exactly does the SDK do to the app to suppress this behavior that might be affecting our app lifecycle events?
viwod
commented
9 months ago Hi @gastaffo, did you have an update regarding the crash logs/question for the scenario described above? Please let me know if there is anything I can provide that would expedite this, we have multiple customers experiencing this issue and would like to get to the root of this as soon as possible.
rjvishnu87
commented
4 months ago We are also facing the same issue with voip calls are failing. Can we get the fix soon ?
dbanik
commented
2 months ago Any update on this issue?
chasemac
commented
1 month ago Did you check MaxFileProtectionLevel? If it's set to: NSFileProtectionComplete your app will crash.
gastaffo
commented
1 month ago @dbanik @viwod @rjvishnu87 Pinging so y'all can see @chasemac comment. Can y'all try setting MaxFileProtectionLevel in the IntuneMAMSettings to NSFileProtectionCompleteUntilFirstUserAuthentication?
chasemac
commented
1 month ago Can you let me know if this is the fix? I had to get the highest level of Microsoft support to diagnose a crash in my app last year and it cost me a month of development time.
gastaffo
commented
1 month ago @chasemac Do you have any crash logs? We can see if they match the above crash logs sent by viwod
viwod
commented
1 month ago @gastaffo Thanks for following up here, unfortunately that NSFileProtection setting will not work for us; it was set to NSFileProtectionCompleteUntilFirstUserAuthentication when those^ crash logs were generated back then, and is still set to that in our app now.
We still have customers for which the only possible workaround to avoid this CallKit/VOIP crash is to completely remove the pin access requirement. This isn't an ideal solution to prescribe, as these customers have had to compromise on their protection policy settings to avoid this crash
gastaffo
commented
3 weeks ago @viwod So I talked to another partner team about how they handle CallKit notifications. They also had the issue of having the PIN screen block their call screen. They handled that by setting the UI policy identity to @"" when the call is recieved which will disable policy and stop the PIN screen from showing up. As long as you then re-enable policy by setting the UI policy identity back to the managed user once the call is done (or whenever the user navigates away from the call screen in your app) then that should stop the PIN screen from showing up during a call and not allow a data leak.
This does require your app to be a "multi-identity" app, if your app is a single identity app then here are some docs on how multi-identity apps work with the SDK. If you just need the ability to turn off policy and stay a single identity setting the managed identity on launch should be sufficient. https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-ios-phase5
Describe the bug: We are seeing an issue where our app is crashing when VOIP calls are received. The app is crashing due to the
0xbaadca11error code; the OS is terminating our app for failing to report a CallKit call in response to a PushKit notification (error description here).We only see this issue when the user enables a pin access requirement in their app protection policy, and sets a timeout (i.e. 5 minutes) before a pin check is required. If the user backgrounds or kills the app, and a time duration less than the timeout duration has passed, the issue/crash will not occur when a call is received. However, once the timeout is exceeded and a call is received, the app crashes due to the error described above.
It is my understanding that the SDK performs some action to suppress these calls when this pin access requirement is in place. But this SDK behavior seems to be interfering with our app lifecycle and preventing us from reporting these CallKit calls, resulting in the crash.
How exactly does the SDK suppress these calls, and how exactly are we expected to integrate with this suppression behavior to prevent OS app terminations due to
0xbaadca11?To Reproduce Steps to reproduce the behavior:
Expected behavior: A clear and concise description of what you expected to happen:
Smartphone (please complete the following information):
Intune App SDK for iOS (please complete the following information):
What version of the Intune SDK are you using? Are you using the latest version? - We are using SDK version 18.0.1
What platform is your app based in (native, Xamarin based, Cordova, etc)?
For errors during build, does the app build without Intune SDK integration? - N/A
For errors post build, does the app launch without being Intune SDK integrated? - N/A
Who is the customer? - N/A
Do you see a trend with it only being reproduced on a specific device? - No, reproducible on all devices
Additional context: Add any other context about the problem here.