I was analyzing one of my customer’s api traffic the other day and I noticed something odd about the devices that were using the mobile application API. I found standard browsers like Firefox and chrome hitting API endpoints that should only be touched by their mobile-application communication.
In the application development world, we call browsers “user agents (UA)” or “user-agent strings.” For example, when an analyst looks at a batch of web logs, they would see the user agent for Chrome appearing as “mozilla/5.0 (Macintosh; Intel Mac OS X 11_5_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36.” This is a user sitting in front of a laptop or desktop with Chrome open, browsing the web.
On a mobile application, the development staff will create a user agent for their application. It can be something like “CoolAppV1-iphone,” or anything else they want to use. The iPhone and Android user agents are often different, but they are almost always a hand-coded string that means something to the developers.
In this way you can track what kind of devices are