WhatsApp 2FA Activation Failing on Managed Devices (Samsung Knox) - Error: "Try again in a few hours

Question

Hi everyone,I’m encountering a persistent issue where users on MDM-managed devices (specifically Samsung devices using Knox) are unable to complete the Two-Step Verification (2FA) setup in WhatsApp.Whenever they attempt to set a PIN, they receive the following error:"Not possible to perform two-step authentication at the moment. Please try again in a few hours."After analyzing the system logs, I found strong evidence that the management policies are interrupting the authentication activities. Here are the key findings from the logs:	Forced Activity Termination: The system triggers a finishIfPossible command on the 2FA activities (TwoFactorAuthActivity and SettingsTwoFactorAuthActivity) immediately after they are collected in a transition.			MDM Policy Interference: The logs show ApplicationPolicy (part of the Knox management layer) checking the state of the WhatsApp package precisely during these transitions.	 			Input Channel Disposal: There are multiple W/InputManager-JNI warnings indicating that the input channel for the 2FA window was "disposed without first being removed". This suggests the window is being killed by the system while the user is interacting with it.	 			Usage Stats Service Warnings: The system reports an "Unexpected activity event" (event : 23) for WhatsApp's account and home activities, further suggesting that the normal app flow is being disrupted by external security policies.	 	Environment Details:	OS: Android (Managed Device)			Hardware: Samsung (Knox enabled)			Management: Android Enterprise (Work Profile or Fully Managed)	Questions:	Is there a specific Knox or Android Enterprise restriction (e.g., DISALLOW_MODIFY_ACCOUNTS) known to block the internal registration of 2FA PINs in WhatsApp?			Has anyone seen ApplicationPolicy trigger a forced close (finishIfPossible) on security-related activities?			Are there recommended "Allowlist" settings or Service Plugin (KSP) configurations to ensure the 2FA process isn't flagged as an unauthorized account modification?	Any insights or workarounds would be greatly appreciated!

Michel · Answer

Hi, welcome!I work a lot with Samsung devices and Knox as well, and must say I have never had or heard this specific issue. So i’m not aware of policies blocking this. But Whatsapp adds an account to your device, you can look this up in settings and then accounts.Your question number one could indeed block this part, same for API’s around adding accounts to a managed device. My assumption would be that there is no account added for WhatsApp untill the MFA is requested, and there is results in an error (if you have this part blocked).If you haven’t blocked this, did you set policies around call and messaging control in KSP? And did you allow access to the messages app (either Google’s messages app or Samsung’s, depending on your provider). 2FA for WhatsApp is an SMS verification that WhatsApp monitors.May I ask what logs you checked?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded