In Italy we have a law that forces anybody accessing "govern-related" websites to use a SAML2 (SPID) or an ID-related (CIE) authentication. In moodle app, the authentication is done through an in-app browser. Until version 3.8 both types of authentication were working good.
With version 4, while the pure SAML2 still works OK, the ID-related integration is not.
The ID system (made by the government so not much to do about that) checks if an app is on the device (CIEID) and eventually launches it... or refuses to perform any kind of authentication!
Apparently, the in-app browser of version 3.8 was letting the website service "pass through the device" and check if the app was installed to launch it. This is broken in 4.0.
To test, please contact me privately so I can give you the link to the production platform this is happening.