Detect in-app browser (WebView) with PHP / Javascript

javascript xcode ios android php

I developed an app for iOS and Android which accesses an HTML file from my webserver using the in-app browser (Webview).

I don't want that a user can access this file without using the app. Is there a possibility to detect, if the user is accessing the file with the app or directly via a browser on this smartphone / tablet / computer? I think that a solution with PHP is much better, because Javascript can be switched off. At least Google Analytics can differentiate between Safari and Safari (in-app). It should work with every version of iOS and Android.

Thanks for your help.

Solution

After many attempts I finally found a working solution for me!

iOS: You can detect the difference between Safari and the in-app browser using the user agent. Probably there's a nicer solution, but it works.

// Safari (in-app)
if ((strpos($_SERVER['HTTP_USER_AGENT'], 'Mobile/') !== false) && (strpos($_SERVER['HTTP_USER_AGENT'], 'Safari/') == false) {
    echo 'Safari (in-app)';
}

Android: The package name from the app is stored in the PHP variable $_SERVER['HTTP_X_REQUESTED_WITH'].

// Android (in-app)
if($_SERVER['HTTP_X_REQUESTED_WITH'] == "com.company.app") {
    echo 'Android (in-app)';
}

As Tim van Elsloo already noted HTTP headers can be faked and this is not absolutely secure.


Solution 1:

I'm not sure about Android, but when you're using the iOS SDK's UIWebView, it sends the name and version of your app as part of the user agent (YourApp/1.0).

You can then use PHP to check if your in-app webview is being used or not:

if (strpos($_SERVER['HTTP_USER_AGENT'], 'YourApp/') !== false)

I think Android does something similar as well.

Solution 2:

Solution code:

$isWebView = false;
if((strpos($_SERVER['HTTP_USER_AGENT'], 'Mobile/') !== false) && (strpos($_SERVER['HTTP_USER_AGENT'], 'Safari/') == false)) :
    $isWebView = true;
elseif(isset($_SERVER['HTTP_X_REQUESTED_WITH'])) :
    $isWebView = true;
endif;

if(!$isWebView) : 
    // Android or iOS Webview
else :
    // Normal Browser
endif;

Solution 3:

For Android WebView, refer the link from Developer Chrome - https://developer.chrome.com/multidevice/user-agent#webview_user_agent

There are already hints available in the user agent string like "Mobile", "wv".

You may use something like

if (strpos($_SERVER['HTTP_USER_AGENT'], 'Mobile') !== false)

or 

if (strpos($_SERVER['HTTP_USER_AGENT'], 'wv') !== false)

to detect if the user is an Android WebView.

Related

How to blur imageview in android
How to handle return value from AsyncTask
java.lang.SecurityException: Permission Denial: opening provider com.google.android.apps.photos.content.GooglePhotosImageProvider
CSRF verification failed. Request aborted
Why isn't my margin working with position: fixed?
Parsing very large XML documents (and a bit more) in java
What is the best general practice to timeout a function in promise [closed]
PHP - most lightweight psr-0 compliant autoloader
Flexbox with fixed header and footer and scrollable content
Forms Authentication understanding context.user.identity
Force IE 11 "User agent string" using tags
How to determine host value for configure when using cross compiler