I have developped an app (ios and android) that does a php request to a server. For security reasons I need to make sure that a user cant type in the same URL in a browser. Only the app should be allowed to do this request. I have been thinking at doing javascript browser detection and I get a good result for ios where it answers “Unknown” when called from the app. But for android, it always answers “Android”, be it within the browser or when called by the app.
Anyone out there having an idea on how to detect this on the server side?
I have developped an app (ios and android) that does a php request to
Share
You could detect the user agent string. This can be done on the server side in PHP using:
Android and iOS will return a user agent string containing stuff like “Mobile Safari”, “webkit”, etc. In your app, tell the webview to set the user agent as something proprietary that you’ve made up. You can do this on iOS with the following code – I expect Android has something similar:
Then in PHP only show the page if the HTTP_USER_AGENT matches the value you’ve set in your app.
Of course it’s not massively secure – some browsers or browser plugins let you fake your user agent. But it will stop the vast majority of users from seeing the content in a browser.