Is there a good way to identify a cell phone or any other mobile device (which may be subject to a limited data plan) through the user agent or similar, easily accessible methods?
Yes: WURFL, the Wireless Universal Resource File: "The WURFL is an XML configuration file which contains information about capabilities and features of many mobile devices."
You'd want to look in the User Agent for specific browsers and keywords like 'Mobile', 'Skyfire', etc. That should be a pretty reliable way. You'd want to do a Google Search for Mobile Browser UserAgents. Someone probably has made a list.
I think you cannot be certain of the exact phone used in many cases because many phones share the same user-agent string (and even use the same browser). BUt you can certainly narrow the possible candidates enough as to serve tailored content.
Check these related questions as well
Auto detect mobile browser (via user-agent?)
How can I redirect mobile devices to a different URL?
Standard way to detect mobile browsers in a web application based on the http request
The iPhone UA signature is:
/Apple.*Mobile.*Safari/
Related
We are developing in-house web-based application for viewing data reports while targeting on smartphones and tablets. Our customer asked us for possibility that only certain devices could access the content. Hence we use technologies based on javascript/HTML5 we are no capable of reading unique ID like IMEI or device uuid. On the other hand side we could use server technologies like ASP, PHP to gain success.
I have several ideas which dont lead to wanted result (one discussed here: Persistent client-side web storage).
I wonder if you have any idea that allow only certain devices to access web site?
Such access control would only be "secure" if a traditional login method is implemented on top of it, i.e. users (1) need to sign in with username and password, but (2) they can only do so on specific devices.
Step (1) is required to make access basically "secure", while step (2) would only make it just a little harder to break into your app for people who have hardly a clue what they're doing.
(Without the second step, people could attempt to brute force the login form when they know its URL, without sniffing any other network traffic.)
You could certainly fingerprint the user agent (UA) string and possibly other HTTP headers, assuming the mobile browser app isn't constantly updated and therefore doesn't constantly change its UA string (that could be a hassle), and check server-sided.
Your could also create a simple, really simple native mobile app for the target platform(s), consisting only of the platform's default web browser widget, with your app's URL built-in as the default page.
You could then control the URLs and possibly HTTP headers, and add special, secret authentication headers or URL parameters (e.g. device's IMEI), for which you check on the server side.
If you target Android, you don't necessarily need to rely on Google Play; you can also distribute the APK files from one of your own servers, making the app available only to the intended audience.
AFAIK you only have the User Agent to work on, with maybe some Javascript values that you can return as are used when fingerprinting.
The User Agent should give you a lot to go on, but it can easily be spoofed. And so can the Javascript values.
I don't think there is a secure way to do what you want. But then again, I don't know if you really want it that secure.
What you also could do is to not do it 100% browser based, but create a mobile App. (Such as in Apple AppStore / Google Play Store) Here I think you can request access to more variables to identify the machine type.
Try the lightweight php-mobile-detect here: (server side checking is always better) https://code.google.com/p/php-mobile-detect/
I want to track all visitors(Os,Browser and more details) to my site.For that i am saving the useragent and URLs and other essential data into database.Later Upon execution of Crone,the user agent is analyzed and fetch browser,Os. But I want to identify crawlers(as they cannot be considerd as visitors). So is there any way to identify crawlers from user agent.
Did user Agents of Crawlers follow any common Patterns?
You can identify them by User-Agent or IP (subnet).
The first method isn't reliable, because anyone can identify as any Crawler just modifying the User-Agent.
The second method is obviously better.
These are two of the many lists on the web: http://www.user-agents.org/ (See the legend: R = Robot, crawler, spider) - http://www.robotstxt.org/db.html
Another one: http://www.karavadra.net/blog/2010/list-of-crawlers-bots-and-their-ip-addresses/
Using User-Agent strings for anything important is unreliable and a bad idea.
Any malicious crawlers will probably send the UA string of a popular browser. Proper search engine crawlers will always send a recognisable UA string, but theres nothing to stop me configuring my web browser to pretend to be one of those crawlers.
If you must do this, see get_browser() and the crawler element of the value if returns.
The Web Robots Page includes a list of known crawlers/robots that includes user agent patterns that may be used to identify known bots that are well behaved (and listed in the database).
But as DaveR said, it is difficult to stop someone who ignores the rules, and not every crawler is in the robotstxt.org database.
I am currently looking at some code for PHP detection of mobiles, which is probably quite easy.
Now I just have got one problem - I want to make it possible to make unique view-files in my MVC-framework for tablets, mobiles and web pages. So I need to split the tablet from the rest of the mobile devices.
Currently this is the code, that I am using:
public function isMobile()
{
if(preg_match('/(alcatel|amoi|android|avantgo|blackberry|benq|cell|cricket|docomo|elaine|htc|iemobile|iphone|ipad|ipaq|ipod|j2me|java|midp|mini|mmp|mobi|motorola|nec-|nokia|palm|panasonic|philips|phone|sagem|sharp|sie-|smartphone|sony|symbian|t-mobile|telus|up\.browser|up\.link|vodafone|wap|webos|wireless|xda|xoom|zte)/i', $_SERVER['HTTP_USER_AGENT']))
return true;
else
return false;
}
But this is not enough - the only check is wheter the device is a mobile device - if not it is as standard telling the framework, that we're on a computer. The last part is ok - but I want to make a split of the mobile devices in actual mobiles - and in a secound group, which should be tablets.
I hope, that I have made my wish clear, and I hope, that you have some input in a good way to achieve this.
Thanks in advance.
Here is a class with methods for detecting each platform individually.
https://github.com/serbanghita/mobile-detect
Old question, but here goes my opinion regarding mobile detection.
You state in your question that you want unique files for mobile devices, so I can assume the reason for this is to present a different version of the website for mobile clients and desktop clients.
This approach is OK until a certain point. And that point is called Android. There are ~1.5 million Android devices activated each day with resolutions from 320*240 to 2560*1600, which makes it hard to if {} else for each of them. Even if you try to make a list with most used devices and you try to target only those, it will be hard to support a new device in the future.
My approach a while back was to forget about old method of splitting devices into "mobile" and "desktop" categories and create a new method. And that method consist in "good" and "bad" browsers which is based on browser capabilities. For example, if the browser supports local storage, it will be in "good" category.
Starting from this, I had the possibility to create a "base" version of the website, very basic from a UI standpoint but which will work cross-browser. This base version of the website will present the same content (because that matters at the end of the day) on all devices, will be very small in size (less assets, smaller html) and based on browser capabilities will be enriched on the client side.
So in the end you will end up with a website that has very small footprint (html size and assets), that looks OK cross browser and it will support any new device that comes up on the market without any changes, will load fast even on poor connections and that can be enriched on client side based on browser capabilities.
You can even enrich the webpage based on devices size: if the browser reports a large screen, you can bring in more assets, more ads and make the webpage more beautiful ; if the browser reports is on a small screen, you leave it as is.
Mobile_Detect is a lightweight PHP class for detecting mobile devices (including tablets). It uses the User-Agent string combined with specific HTTP headers to detect the mobile environment. — Read more
http://mobiledetect.net
You can also use a more comprehensive solution like WURFL Cloud, which is a service that detects the capabilities of mobile devices, like is_mobile and is_tablet. There is a free plan for low traffic sites: http://www.scientiamobile.com/cloud
What is the best way to generate a 'fingerprint' of user unique-ness in PHP?
For example:
I could use a user's IP address
as the 'fingerprint', however, there
could be multiple other users on the same IP
I could
use the user's IP + user agent as
the 'fingerprint', however, a single user
could simply swap from safari to
firefox and again be seen as being unique
Ideally, the fingerprint so label the 'machine' rather than browser or 'ip' but I can't think of how this is achievable.
Open to ideas/suggestions of how you uniquely identify your users, and what advantages/disadvantages your method has.
Easiest and best way: use phps session-management - every client is given an ID, stored in a cookie (if enabled) or given as a get-variable on every link and form (alternatively you could set a cookie on your own). But, this only "fingerprints" the browser - if the user changes his browser, deletes his cookies or whatever, you can't identify it anymore.
Identifying every client by IP address is usually a bad idea and won't work. Clients that use the same router will have the same IP addresses - clients connected through a proxy-pool could have another IP address with every page load.
If you need a solution that can't be manipulated by the client in an easy way, try to do a combination of the following, using all that are supported by the clients browser and compare them on each page-load:
"normal" HTTP Cookies
Local Shared Objects (Flash Cookies)
Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
Storing cookies in and reading out Web History
Storing cookies in HTTP ETags
Internet Explorer userData storage
HTML5 Session Storage
HTML5 Local Storage
HTML5 Global Storage
HTML5 Database Storage via SQLite
There's a solution called evercookie that implements all of this.
There's something else to take in account, the public IP Address of a user is something that also can change in every page load.
There are multiple organizations that switch public IP's in they routers to balance traffic.
Achieving 100% reliability is not guaranteed, but combining some common methods can give you meaningful results
Users generally don't switch browsers. Over-complication in your algorithm only to reach engineering perfection is not worth the effort.
You certainly belong to the top 100 websites if you can expect multiple users from the same IP. Don't take it personal, but you're just not that popular.
Take the simplest possible route that could work and adjust over time if it seems necessary.
I have three different computers, various handheld devices, and many of them have different browsers installed. I use all these interchangeably at home take them with me other places so, basically, on various IP addresses. What I'm trying to point out is that fingerprinting a browser or a machine for that matter is never going to be foolproof if your goal is to block a person.
I recommend you take a different approach. Judge based on the inconclusive information you have available that suggests the identity of your banned user (same IP or same user-agent if it's a uncommon one or else some of the javascript browser fingerprinting methods such as available fonts, available plugins, non-standard window size, etc.) and require of those suspect visitors some higher form of identity verification -- such as oauth with Facebook, Google+, or Twitter. Then you can look to see if that social media account is genuine or created just to circumvent. There are also phone verification APIs in case your user base isn't social-media savvy and depending on how valuable it is to you that users don't circumvent banning.
I'm in need of a way to detect mobile browsers server-side. I'd like a way that requires me to do little to set up and little to maintain, yet still provide me with accurate detection of (at the VERY least) Android, Mobile Safari and Blackberry browsers, along with alternatives like Opera.
I'd like to have at least the majority of the mobile market covered, and I'd really prefer virtually all of the market if it doesn't take much.
WURLF is the ultimate way for mobile browser detection and a PHP API is available.
I found this one to be very easy to use php-mobile-detect
(edit: for now the Browser Capability Project is closed, i.e. atm this answer is not an option)
All you need is get_browser() and a recent browscap.ini that maps the user-agent string to a browser/version and its capabilities.
You can get a usually very up-to-date browscap.ini version from http://browsers.garykeith.com/downloads.asp
Its just a matter of reading the headers ( How do I read any request header in PHP ) and parsing / interpreting this to read the "user-agent", you may be able to find an existing PHP script or maybe just plain regex that will help in figuring out which user-agents are mobile and which are regular pc's / laptops.
There are a lot of different headers, as it indicates the operating system, so as many different mobile OS'es as there are there would be user-agent headers so the script needs to have a list of all valid ones.
http://en.wikipedia.org/wiki/List_of_user_agents_for_mobile_phones
Found this library a little while back:
http://code.google.com/p/mobileesp/
Has PHP, Java, JavaScript, and C# versions. I see it as a "lightweight" smartphone/tablet detection tool without dependencies and is regularly updated. I have mixed feelings about it though as some aspects of the code quality are a bit shaky.
If you need something even lighter-weight, the WP Super Cache plugin for WordPress contains some long regex strings you could probably swipe.
Browser sniffing based on user agent strings is always going to be flaky. I looked at WURFL and it is several MB compressed. Using that is overkill. A better approach is to detect the top devices in use on the website, design for those devices, and then call it a day.
A quick Google search picks up these:
http://mobiforge.com/developing/story/lightweight-device-detection-php
http://code.google.com/p/php-mobile-detect/
Zend Framework introduced Zend_Http_UserAgent lately.
It can determine the Mobile Device and it's capabilities by detecting the UserAgent through Wurfl, TeraWurfl and DeviceAtlas API.
How about http://code.google.com/p/hdapi/ ? Server side mobile detection in PHP.
Unfortunately WURFL is not free anymore for commercial projects.
But there is OpenDDR with its experimental PHP implementation.
I once used to store temporarily visitors' ip-addresses and csrf-session values (meant to count current visitors).
And I noticed that I had a side-gain of being able to see if the visitor used a mobile or a PC: The csrf of a mobile changes with every new page load, a PC doesn't; and the ip-addresses remain in both cases.
Sure, you only detect a mobile if a visitor clicks twice and I have not checked how reliable this is (as I do not really need it), but it is php/server-side only.