discover android ios windows mobile from http headers HTTP_USER_AGENT reliability?

Question

Is this approach corect and not vulnerable to ambiguity?

I split whole content o HTTP_USER_AGENT into words, and check:

if there is `iPhone` -> iOS
if there is `Android` -> Android
if there is `Windows` -> Windows Mobile
else -> no mobile

Answer 1

First you forgot "iPod" as iOS

Second, this is your only way to detect the device but it is not secure at all. Headers can be changed really easily, you can even find chrome or firefox plugins that let you customize your headers to whatever you want.

If it is only a detection for confort purposes : You have an iPhone let's show you a nice Apple image, then it's ok, the people changing their user_agent know what they are doing.

If it is a security or "it must be infaillible" scenario, then this does not work at all as it is spoofable very easily.

If you are working on a native app, you are better of sending the platform name using a GET or a POST variable and using HTTPS to avoid your variable being tampered with.