Microsoft Authenticator, Librem 5, and Security

In my case, the app does not provide an unlock code. Instead, the app contains an in-app button, which itself fires back the message to Microsoft/Google to unlock.

My general impression was that the work upgrade to this new system came at exactly the worst time for me, when I didn’t want it and my Liberty Phone had recently arrived and instead I wished to celebrate furthering my venture into this space rather than to be kicked out. So I spent quite a long time trying to figure out what hackery could be accomplished by decompiling this app and mimicking it. But Microsoft and Google have more money than me, and could at every step construct systems with intention to thwart anyone who would not use the actual Android app. I do not have interest in further attempts to investigate the possibility of reverse engineering this thing, unless perhaps if my existing solution ceases to function. The time cost, when I could do something else with my life, did not feel worthwhile. That isn’t to say that everything I do in my life is a good use of time; certainly many things are not. But if you’re going to investigate reversing this app to create a command line mimic, you’re going to have to do it without me for the time being.

Edit:
That’s not because I don’t want it. It’s because the people on the other side are conscious. They might be reading this, having boardroom meetings about how to kill off what they see described in this topic. In this case, their evil is done with intention. If it were not, MICROSOFT would allow us to authenticate using WINDOWS in order to promote the idea that WINDOWS was secure and/or worth buying. I own an EXPENSIVE MICROSOFT SURFACE that they are effectively telling me is not sufficiently secure to DO A BASIC LOGIN. [Yeah it’s evil nonfree tech, that’s a whole other problem in my life, but whatever.]

So, anyway, we are seeing either (1) maliciousness, or (2) negligence.

The extraordinary complexity of the app’s internals gives rise to me having the belief that of the two, we are seeing #1. If you reverse their app and build a replica, they will do an update to kill your replica. We’re talking about creating a potentially lifelong job for a free software enthusiast, and simply for the purpose of logging into work in a way that their employer can trust. If they jump in and take it seriously they wouldn’t be doing their job and would lose the position, and if they don’t take it seriously then they’ll fall behind in maintaining their anti-maliciousness tool.

So I really do think that for me the best solution is emulation & faux submission. They can have security through obscurity by requiring the user to effectively execute an insane hodgepodge of decision networks too complex to mimic, but they probably can’t detect if the application is running on an Android that is “simulated” or not, because if they could detect that then we would just build a better simulator and that’s a more broad worthwhile endeavor that’s more likely for many people to be interested in and to possibly collaborate on.
