Unable to Accessing Private Resources From an Android App via 1.1.1.1 WARP/Teams

I have a Windows 10 Pro desktop running a Windows application that has a built-in web server listening on port 81. Remote access normally requires enabling Port Forwarding on the router for port 81. Instead, I created an Argo tunnel and defined a CNAME pointing to that tunnel. The configuration file mapped all incoming traffic to port 81. I successfully accessed the Windows application via a browser from both Windows and Android.

The Windows application comes with a companion Android app with the ability to define LAN and WAN addresses. I changed the WAN address from the Port Forwarding address to the Argo tunnel and successfully accessed the Windows application over a cell Internet connection. I inspected the tunnel traffic (WireShark capture of the loopback adapter) for both remote browser and Android app access - everything looked like normal HTTP.

The next step was to tighten access to the Argo tunnel. I set up a Google Identity Provider and defined rules restricting Argo tunnel access to specific Gmail accounts. Access to the Argo tunnel via a browser from both Windows and Android either accepted the current Google login or prompted for login to the allowed Gmail accounts. However, I was now unable to connect via the Android app. I followed the instructions at https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp, installed the Cloudflare root certificate, and successfully enabled 1.1.1.1 Teams for my Cloudflare Access domain. I set up a Gateway Network policy allowing access to my private LAN destination IPs. The Android app still claims it is unable to reach the server.

I just stumbled on https://developers.cloudflare.com/cloudflare-one/identity/devices/require-gateway and added both Warp and Gateway to my Device posture attributes and then added Warp/Warp and Gateway/Gateway as includes in the Application rule associated with my Application URL (my Argo tunnel CNAME). I also followed the steps in https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel to enable routing from Cloudflare to my LAN subnet and deleted the 10.0.0.0/8 in the list after Add Split Tunneling Record, but still no success. The Access and Gateway/Network/HTTP show successful accesses for browser sessions but nothing relating to the Android app. I still see port 81 traffic on the loopback adapter when accessing the Windows application via the smartphone browser but nothing when I try to connect from the Android app.

Am I missing a rule somewhere or am I trying to do something that is not yet supported? With the exception of SSH, most of the tutorials relate to browser-initiated sessions. Browsers appear to be providing the necessary OAuth2 information to Cloudflare but whether/how WARP/teams integrates with OAuth2 is unclear.
Thanks, Norbert

As of yesterday evening, I was able to access the web service on my Win10 Pro desktop webserver via the companion Android app from a remote network. I am not sure what has changed - I may have rebooted my server and/or my smartphone, but I have not made any changes to the cloudfared configuration or Cloudflare Teams. I will try to enable another Android smartphone tomorrow to see if it connects successfully.

The Teams Logs > Access and Logs > Gateway / Network are still only showing access via browser - neither successful nor unsuccessful access attempts from the Android app are showing up.

Thanks, Norbert