Connection with mobile app fails - no problem in browser

Some updates ago, my andriod companion app couldn’t connect to HA anymore when away from home.
Since I don’t find any complaints regarding this phenomenon, I think there must be a config error on my part.

HA is dockerized, using SSL only.
Whithin my home net, the app works fine connecting to https://my.ha.instance:8123 (split DNS).
If I’m away, the app stops working (“unable to connect…”) and the “updating sensors” icon stays in the notification bar.
Using a(ny) browser on the very phone (or any other computer) with the aforementioned URL works flawlessly.
I didn’t enter a home WLAN SSID or an internal address in the app’s settings.
No chance switching to an other WebView component - my developer settings just show the native Andriod System WebView.

All components up-to-date, app cache cleared.
Still no joy.

Any hints?

Well, strike that.
Using any mobile FIREFOX works (even freshly installed, so no old cache remains). Mobile Chrome and mobile Edge ask for user and password and are unable to connect thereafter.
Maybe it’s no companion app problem but one within my lovelace config (since chrome and edge die trying to show the first page)?
But if… why does firefox work?

Just in case someone has the same problem or likes mysteries.

The (1) problem remains with four android phones I could muster but there is a (2) crude workaround.

  1. No connection with android companion app (WebView) or android edge or android chrome if not within the home any WLAN.
    Firefox for android still works.
    Using any windows PC (chrome/edge/firefox/HASS.agent) from the “outside” – even if using the android phones’ LTE connection (via hotspot) – works too.

  2. While troubleshooting I installed PCAPdroid for capturing network traffic.
    At the very moment PCAPdroid started routing the traffic through its fake VPN the problem vanished.
    Bad for toubleshooting (since there was no trouble to shoot anymore), good to know how I can connect my phone if not within any WLAN (yes, as long as I don’t use the phones mobile connection, all’s well!). Unfortunately, the moment I stop the packet capture, the problem is back. A pity that using NetGuard’s fake VPN (what I switch on the moment I leave my home WLAN) does not work the same magic that PCAPdroid’s does.

Still, if anyone could shed some light onto this weird problem – I’d love to use my companion app like the million other users again.

I wonder if you are hitting some kind of browser security policy like the CORS stuff… Private Network Access: introducing preflights - Chrome for Developers

What IP does the PCAPdroid app give your phone on it’s fake VPN?
Did you have the NetGaurd VPN also running while doing the packet capture?
Cheers.