File IO error on device. Check Storage/Permissions.

I have one device that is enrolled with profile X. Profile X has just two configurations.

The first one is an "App Run Control" whitelist configuration with just one app whitelisted. And this is my app with the com.my.app package.

The second configuration is of course the app with com.my.app package itself.

And my problem is that the app is not being installed and I get this issue on device:

Package "com.my.app" version 1.0.0 failed to install. File IO error on device. Check Storage/Permissions.

But when I remove the "App Run Control" configuration from the profile, the app is being installed without any problem.

I verified the package names in the profile configuration and everything is fine. It's even selected with SOTI MobiControl autocomplete.

The option "Force Package Reinstallation" or revoking and reinstalling the profile doesn't work either.

My device is a Zebra TC78 with Android 11. The MobiControl agent is 2024.1.6 Build 1140.

What am I doing wrong?

Also, a similar thing is happening when I try to download "Android debug" logs. File with just this content is downloaded:

PKError retrieving agent log. Server reported error: 
The operation has timed out.

No matter if the "Android Run Control" is enabled or not.

a year ago
Android
ANSWERS

Please correct me if I'm wrong but application run control profile is a blacklist.

And this would clarify why you see this issue as the blacklist blocks this app from being installed.

And for the debug logs, did you enable the debug in the connection settings of the relevant device? Also, you need to run a legacy script (request_bug_report) and wait for it to finish (you can see that on the device screen) before you can grab it from the console.

KM

It can be a whitelist as well:

Hmm, OK, maybe because we created a blacklist, we can't create a whitelist anymore, even in a new profile, but I also see the same description in the help (15.6):

The Application Run Control configuration enables you to create blacklists that specify which applications are prevented from running on devices.

But I also saw now that in 2024.1 the text is the same, but whitelists also seem to be available there, so it's version specific.

KM

As for the logs, I have USB debugging enabled for this device. Is this what you asked for?
I've run the script and the device asked me if I want to share the debug report. I confirmed. Now I can download the debug report.
Is there any other way to see Android logs like in logcat?

Regarding this, the setting can be found here:

  1. open the device details
  2. configurations tab & scroll down
  3. connection settings
  4. Tick the "Override settings..."
  5. Optional: Align the file sizes if needed (recommendation default*10)
  6. Tick the "Enable Debug Logging on Device"
  7. Save it

Then do a check-in on the device, send the mentioned script and, when it's done, grab the logs as you wanted before.

If this still fails because of an I/O error, check if MobiControl has storage permissions granted (you can send the legacy script request_appops_permission MANAGE_EXTERNAL_STORAGE to the device, which will pop up a permission request on the device if the permission is missing).

KM

I'm still being asked on the device whether to share the debug report or not.

Is it possible to automate this and skip the part about asking for sharing?

Not that I know of. I have only known this way of grabbing logs for a short time as well, but our TAM should have told us if there's something, I guess.

KM

In my logs I see such thing:

  #85: act=net.soti.mobicontrol.INSTALL_COMPLETE flg=0x10 pkg=net.soti.mobicontrol.androidwork (has extras)
    0 dispatch 0 finish
    enq=2024-09-11 08:10:50.482 disp=2024-09-11 08:10:50.482 fin=2024-09-11 08:10:50.482
  extras: Bundle[{android.content.pm.extra.STATUS=3, android.content.pm.extra.PACKAGE_NAME=com.my.app, android.content.pm.extra.SESSION_ID=1624752390, android.content.pm.extra.LEGACY_STATUS=-22, android.content.pm.extra.STATUS_MESSAGE=INSTALL_FAILED_VERIFICATION_FAILURE}]

This doesn't occur when I remove the whitelist from my profile.
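
Added example (not part of the original posts and not SOTI code): a small Python parser for the "extras:" line quoted above. It maps STATUS to the public android.content.pm.PackageInstaller result name and marks whether the result is a storage failure, which the console message suggested but the device-side status (3, INSTALL_FAILED_VERIFICATION_FAILURE) does not. The function names and the second sample line are constructed for illustration.

```python
import re

# Public android.content.pm.PackageInstaller STATUS_* result codes.
PUBLIC_STATUS = {
    -1: "STATUS_PENDING_USER_ACTION", 0: "STATUS_SUCCESS", 1: "STATUS_FAILURE",
    2: "STATUS_FAILURE_BLOCKED", 3: "STATUS_FAILURE_ABORTED",
    4: "STATUS_FAILURE_INVALID", 5: "STATUS_FAILURE_CONFLICT",
    6: "STATUS_FAILURE_STORAGE", 7: "STATUS_FAILURE_INCOMPATIBLE",
}
PREFIX = "android.content.pm.extra."
BUNDLE = re.compile(r"extras:\s*Bundle\[\{(.*)\}\]")

def parse_install_extras(line):
    """Return the android.content.pm.extra.* values of one 'extras:' line, or None."""
    m = BUNDLE.search(line)
    if not m:
        return None
    extras = {}
    # Split only at ", " followed by "key=", so commas inside a message survive.
    for pair in re.split(r", (?=[\w.]+=)", m.group(1)):
        key, _, value = pair.partition("=")
        if key.startswith(PREFIX):
            extras[key[len(PREFIX):]] = value
    return extras if re.fullmatch(r"-?\d+", extras.get("STATUS", "")) else None

def failed_installs(dump_text):
    """List every non-success install result found in the dump text."""
    findings = []
    for line in dump_text.splitlines():
        extras = parse_install_extras(line)
        if extras is None or int(extras["STATUS"]) == 0:
            continue
        status = int(extras["STATUS"])
        findings.append({
            "package": extras.get("PACKAGE_NAME"),
            "status": PUBLIC_STATUS.get(status, f"UNKNOWN({status})"),
            "legacy_status": extras.get("LEGACY_STATUS"),
            "message": extras.get("STATUS_MESSAGE", ""),
            # Only STATUS_FAILURE_STORAGE is a storage failure for PackageInstaller.
            "storage_related": status == 6,
        })
    return findings

E = PREFIX
# First line: the extras line quoted in the thread. Second line: constructed.
SAMPLE = (
    f"  extras: Bundle[{{{E}STATUS=3, {E}PACKAGE_NAME=com.my.app, "
    f"{E}SESSION_ID=1624752390, {E}LEGACY_STATUS=-22, "
    f"{E}STATUS_MESSAGE=INSTALL_FAILED_VERIFICATION_FAILURE}}]\n"
    f"  extras: Bundle[{{{E}STATUS=0, {E}PACKAGE_NAME=com.example.other, "
    f"{E}SESSION_ID=1, {E}STATUS_MESSAGE=INSTALL_SUCCEEDED}}]\n"
)
```

Calling failed_installs(SAMPLE) returns one finding, for com.my.app, with storage_related set to False.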

To be honest, I can't help with such log entries; this may be something for SOTI support.

I just wanted to help you to do the right settings to be able to grab such logs and have some ideas to put on the table.

Maybe there's an issue that the whitelist is not provided correctly and is processed as a blacklist instead. What happens if you revoke the whitelist, install the app manually and install the whitelist afterwards?
If the app is uninstalled then, I am pretty sure that my guess could be right, but this is also something to be clarified with the support.

And as I don't work with whitelists yet (as they are not available for me because of the older version used), I'm not sure if you maybe need to add more apps to the list in order for the device to work properly. From the help:

When you use a whitelist, only whitelisted applications can run on a device.

So I assume you need to add MobiControl itself and maybe other apps as well.

KM

MobiControl, Settings and Google apps seem to always be whitelisted. Behaviour is the same whether they are whitelisted or not.

Thanks for trying to help anyway! I really appreciate it.

KM

I've found the solution for the whitelist issue.
I have to whitelist "Google Play services" and "Google Play Store" apps as well.
I tested it with multiple factory resets and profile revocation/reinstallation and it seems to be working fine.

Good you found it.

As I assumed, you need to whitelist more apps in order for it to work.

That's why I normally work on such cases with blacklists (on fully managed devices), as there's a lower risk to "break" something because of something not whitelisted.

PMMOD@SOTI
a year ago

Hi Krzysztof Majewski,

Thanks for posting on SOTI Pulse. Thanks Rafael Schäfer for responding to the post, your expertise and willingness to help are greatly appreciated!

Has your query been resolved? If not, or if you have any additional concerns, please don't hesitate to reach out. We are dedicated to providing assistance and support.

Also, if this post has helped you in solving your query, I would request you to mark the particular comment as "is solution", so that others may benefit from this information.

Raymond Chan Diamond Contributor
a year ago

If system security is a major concern and ensuring that only trusted apps can run is one of the measures that should be taken, then using a whitelist in the Application-Run-Control (ARC) profile payload is the best choice. Using blacklists is sometimes impractical because there can be an infinite number of items to include if the device is configured to allow installation from an unmanaged app store or from an .apk source file.

Some system or third-party app components installed on the device may sometimes be called by your app to perform some support function(s), and thus thorough tests have to be carried out to include such app/module(s) if an ARC whitelist is to be used. In your case, the problem was that your app was not even installed when the ARC profile had already been deployed. If you had organized your device group and/or profile activation better in the first place, there would not have been any problem in the initial installation.