Can no longer use MS Teams after upgrading FP4 to /e/ 1.13

mu88 · August 12, 2023, 12:00pm

Dear community,

I’m running /e/OS 1.13 on my Fairphone 4 and since the last upgrade, I can no longer run Microsoft Teams (don’t say a word, I’m not happy about that, but that’s how it is ).

Our company requires us to install the app https://play.google.com/store/apps/details?id=com.microsoft.windowsintune.companyportal. Since the last /e/ OS upgrade, I can no longer login with my company account. Within the MicroG SafetyNet settings, I see the error CTS profile does not match.

Does anybody else have the same problem?

Thank you

Macrophag · August 12, 2023, 11:24pm

Same setup here, but teams is just fine

mu88 · August 13, 2023, 8:17am

Thx for your reply!

Could you please share a screenshot from your company portal’s SafetyNet attestation? This is mine:

18yt8zhg · August 13, 2023, 9:19am

Hello,

Do you delete Advanced Privacy for MS Teams ?

mu88 · August 13, 2023, 9:32am

What do you mean by delete Advanced Privacy?

18yt8zhg · August 13, 2023, 9:47am

In Settings > Advanced Privacy > remove trackers for MS Teams.

mu88 · August 13, 2023, 10:02am

I’m not using this particular feature of /e/ OS. Nevertheless, I disabled blocking trackers for both MS Teams and Company Portal, but it is still failing.

18yt8zhg · August 13, 2023, 10:12am

Did you kill the app in background too ?

mu88 · August 13, 2023, 10:24am

Yes, I even tried a reboot.

I’m also using Shelter to run both Company Portal and Teams in Android’s work profile - don’t know whether this is relevant, at least it has been working this way for month.

Arlytix · August 15, 2023, 1:37pm

Hi,
there is a problem withi Microsoft SSO recognized as tracker, maybe you find the following link useful:

https://gitlab.e.foundation/e/backlog/-/issues/7084

Bye

mu88 · August 15, 2023, 3:14pm

Thx @Arlytix, but Advance Privacy is disabled on my phone:

Shenol · August 15, 2023, 4:52pm

Hi @mu88 Can you please check the latest version of Microsoft apps and update?
We have a report that latest version works.

mu88 · August 16, 2023, 3:34pm

@Shenol I’m using the following versions, which, according to AppLounge, are the most recent one:

Company Portal → v5.0.5926.0
Teams → v1416/1.0.0.2023143401

I’ve also disabled blocking trackers in AdvancedPrivacy of the work profile, as well as completely turning of AdvancedPrivacy at all - still no luck

Arlytix · August 17, 2023, 8:38am

What error are you getting exactly? Does a code appear?

If I remember correctly, it seems to me that the login is via browser, try clearing browser data and cache if possible, try disabling any plugins installed in the browser.

Is it possible that your company’s authentication process requires Microsoft authenticator to be installed?

mu88 · August 17, 2023, 3:24pm

Please have a look at the very post in this thread: within the MicroG SafetyNet settings, I see the error CTS profile does not match.

The error in the app is just like you’re device is not secure.

The login within CompanyPortal happens in an embedded browser, that’s correct, but not an external one for which I can clear the cache. I’ve deleted all cached data of both Teams and CompanyPortal several times.

And you’re right, our company requires a second factor via TOTP, but I’m not using the Microsoft Authenticator but a FOSS app. Since this worked before, the entered TOTP during the locked gets accepted and the underlying algorithms are the same, this cannot be the problem though.

mu88 · August 17, 2023, 3:30pm

Arlytix · August 19, 2023, 1:06am

Please install Yasnac and post the output.

You should consider to reflash the last update of /e/ os and hope it will fix the cts profile issue:

https://doc.e.foundation/devices/FP4/install

If not, have a look at this thread:

mu88 · August 19, 2023, 9:25am

This is the YASNAC output:

{
  "apkCertificateDigestSha256": [
    "CFMi+R9OCRrIqon0WdOwQgA4I9aG0m1sYPZuUf5a2ns="
  ],
  "apkDigestSha256": "fNhMGaqoDnZ0mL1WuwwiU7RN4H+lWm/gwbLAsTAHOyU=",
  "apkPackageName": "rikka.safetynetchecker",
  "basicIntegrity": true,
  "ctsProfileMatch": false,
  "evaluationType": "BASIC,HARDWARE_BACKED",
  "nonce": "NjA4OWFkMjktNTQzOS00NzQxLTkwN2UtMzI0NzU2YjM4MWYyCjIwMjMtMDgtMTlUMTE6MjQ6MDAuNDYzKzAyOjAwCkZhaXJwaG9uZS9GUDRlZWEvRlA0OjEyL1NRM0EuMjIwNzA1LjAwNC9lbmcucm9vdC4yMDIzMDcyNC4yMjU1NDI6dXNlci9yZWxlYXNlLWtleXMKMzIKMjAyMy0wNi0wNQo=",
  "timestampMs": 1692437040698,
  "deprecationInformation": "The SafetyNet Attestation API is deprecated. It is recommended to use the Play Integrity API: https://g.co/play/safetynet-timeline."
}

Arlytix · August 23, 2023, 3:52pm

Try the new /e/ os version and make sure bootlaoder is locked

mu88 · August 23, 2023, 4:22pm

There is no newer version than 1.13-s-20230724313396-stable-FP4 which I’m already running on.

Furthermore, according to the following developer setting I’d say that the bootloader cannot be unlocked and therefore should be locked: