Bug 54135 - Cannot deploy to Knox Container
Summary: Cannot deploy to Knox Container
Status: RESOLVED INVALID
Alias: None
Product: Android
Classification: Xamarin
Component: General ()
Version: 6.0.1 (C6SR1)
Hardware: PC Windows
: --- normal
Target Milestone: ---
Assignee: Jonathan Pryor
URL:
Depends on:
Blocks:
 
Reported: 2017-03-28 15:42 UTC by howard.bayliss@sequence.co.uk
Modified: 2017-07-27 19:15 UTC (History)
2 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED INVALID

Description howard.bayliss@sequence.co.uk 2017-03-28 15:42:06 UTC
Microsoft Visual Studio 2015 Update 3
Xamarin.Android   7.1.0.43 (3a62f1e)
Device: Samsung S7

I've created a Xamarin.Android debug APK, with Use Shared Runtime unticked. The customer installs this onto our device via BlackBerry UEM. This creates two workspaces - a Personal Workspace and a Knox Workspace. The app is whitelisted and runs in the Know Workspace.

After it is installed via UEM, in Visual Studio I try to deploy and debug the app. This fails with "/data/local/tmp/com.nwp.pointapp-Signed-apk already exists on the device".

If I then manually remove the app from the Know Workspace and try to deploy/debug again, it succeeds. However, the app is only installed in the Personal workspace - we need to debug in the Knox workspace as well.

The UEM profile has all of these granted:

Allow Media Transfer Protocol (MTP)
Allow USB tethering
Allow tethering
Allow developer mode
Allow USB host storage
Enable USB debugging
Comment 1 Jon Douglas [MSFT] 2017-07-26 16:49:18 UTC
(In reply to howard.bayliss@sequence.co.uk from comment #0)
> Microsoft Visual Studio 2015 Update 3
> Xamarin.Android   7.1.0.43 (3a62f1e)
> Device: Samsung S7
> 
> I've created a Xamarin.Android debug APK, with Use Shared Runtime unticked.
> The customer installs this onto our device via BlackBerry UEM. This creates
> two workspaces - a Personal Workspace and a Knox Workspace. The app is
> whitelisted and runs in the Know Workspace.
> 
> After it is installed via UEM, in Visual Studio I try to deploy and debug
> the app. This fails with "/data/local/tmp/com.nwp.pointapp-Signed-apk
> already exists on the device".
> 
> If I then manually remove the app from the Know Workspace and try to
> deploy/debug again, it succeeds. However, the app is only installed in the
> Personal workspace - we need to debug in the Knox workspace as well.
> 
> The UEM profile has all of these granted:
> 
> Allow Media Transfer Protocol (MTP)
> Allow USB tethering
> Allow tethering
> Allow developer mode
> Allow USB host storage
> Enable USB debugging

Thank you for the report. Is there a way you can provide step-by-step instructions for how we can reproduce this behavior to further investigate? Such steps would include creating a Blackberry UEM environment to create the two workspaces, and instructions on how to install to each workspace. I'm not sure if Knox Workspace is a paid feature, but I looked at the documentation in which it seems like it is. I do have a phone that supports it in which I can use their trial to test out this issue for you provided the reproduction steps.

MDM products typically help separate applications based on their use such as business/personal/etc and provide security features, but I don't believe at the system level they really do anything other than "hide" respective apps from the current user based on the container approach. The APK is still going to be installed at the same location on the device and thus I believe is where this failure is occurring. However I would have to investigate further to understand this.

Based on their whitepaper: http://www.samsung.com/global/business/business-images/resource/white-paper/2013/06/Samsung_KNOX_whitepaper_June-0.pdf

I don't see any indication of installing the same app in different containers. I believe the limitation of the same package name would prevent the Android OS from allowing that. So it seems like there might be a bit more going on here.
Comment 2 howard.bayliss@sequence.co.uk 2017-07-27 14:03:50 UTC
Hi Jon. Thanks for your reply. Since I raised the ticket, BlackBerry responded to say that debugging in the Knox Container is not possible. Please close the ticket as I don't see any way forward. Thanks. Howard