Access Management not Working on Android


so we recently upgraded to the priority plan so the apps we would publish could be password protected. This is important to us because we are working on an app for a client whose access will be restricted in production. Therefore we don’t want it to be available to everybody who just happens to know the link. If I understand correctly what’s written here (Working Together - Expo Documentation) protecting apps in expo with user accounts should be possible (“Can only view your projects through the Expo client, but can’t modify your projects in any way.”).

I tested scanning the QR code on my iPhone without being locked in and that results in an error message containing “403”, perfect. When I log in, I am able to scan the same code and see the app from that particular release channel.

However, when I scan the same QR code with an Android phone, I can directly access the app. No login needed. How is that possible? Is this a major security breach or did I just understand the security measures provided by the priority plan wrong?

Best regards