Detect in-app browser (WebView) with PHP / Javascript

php javascript android ios xcode

32,243

Solution 1

I'm not sure about Android, but when you're using the iOS SDK's UIWebView, it sends the name and version of your app as part of the user agent (YourApp/1.0).

You can then use PHP to check if your in-app webview is being used or not:

if (strpos($_SERVER['HTTP_USER_AGENT'], 'YourApp/') !== false)

I think Android does something similar as well.

Solution 2

Solution code:

$isWebView = false;
if((strpos($_SERVER['HTTP_USER_AGENT'], 'Mobile/') !== false) && (strpos($_SERVER['HTTP_USER_AGENT'], 'Safari/') == false)) :
    $isWebView = true;
elseif(isset($_SERVER['HTTP_X_REQUESTED_WITH'])) :
    $isWebView = true;
endif;

if(!$isWebView) : 
    // Android or iOS Webview
else :
    // Normal Browser
endif;

Solution 3

For Android WebView, refer the link from Developer Chrome - https://developer.chrome.com/multidevice/user-agent#webview_user_agent

There are already hints available in the user agent string like "Mobile", "wv".

You may use something like

if (strpos($_SERVER['HTTP_USER_AGENT'], 'Mobile') !== false)

if (strpos($_SERVER['HTTP_USER_AGENT'], 'wv') !== false)

to detect if the user is an Android WebView.

32,243

Author by

ohh2ahh

Updated on July 26, 2022

Comments

ohh2ahh almost 2 years
I developed an app for iOS and Android which accesses an HTML file from my webserver using the in-app browser (Webview).

I don't want that a user can access this file without using the app. Is there a possibility to detect, if the user is accessing the file with the app or directly via a browser on this smartphone / tablet / computer? I think that a solution with PHP is much better, because Javascript can be switched off. At least Google Analytics can differentiate between Safari and Safari (in-app). It should work with every version of iOS and Android.

Thanks for your help.

Solution

After many attempts I finally found a working solution for me!

iOS: You can detect the difference between Safari and the in-app browser using the user agent. Probably there's a nicer solution, but it works.
```
// Safari (in-app)
if ((strpos($_SERVER['HTTP_USER_AGENT'], 'Mobile/') !== false) && (strpos($_SERVER['HTTP_USER_AGENT'], 'Safari/') == false) {
    echo 'Safari (in-app)';
}
```
Android: The package name from the app is stored in the PHP variable $_SERVER['HTTP_X_REQUESTED_WITH'].
```
// Android (in-app)
if($_SERVER['HTTP_X_REQUESTED_WITH'] == "com.company.app") {
    echo 'Android (in-app)';
}
```
As Tim van Elsloo already noted HTTP headers can be faked and this is not absolutely secure.
cutsoy about 11 years

Please note that this can obviously be faked by a desktop browser as well (by setting "fake" HTTP headers), so you shouldn't rely on this from a security perspective.
ohh2ahh about 11 years

Thanks for your quick help. Unfortunately the user agent does not include the app name. At least not in my attempts.
cutsoy about 11 years

Are you using UIWebView? It should be something like: <AppName>/1.0 CFNetwork/459 Darwin/10.2.0. If it's not (which I doubt), then you could always try to do something like stackoverflow.com/questions/478387/… or stackoverflow.com/questions/8487581/….
ohh2ahh about 11 years

Yes, I'm using UIWebView and I've tried a bit and my app does not appear in the user agent. I even tried it with the iOS simulator from Xcode and only get something like (from the iPhone 6.1 Simulator): Mozilla/5.0 (iPhone; CPU iPhone OS 6_1 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10B141 Maybe the PHP variable $_SERVER['HTTP_USER_AGENT'] is not correct?