Device and browser info

submitted by
Style Pass
2024-06-11 18:30:38

In the context of fraud detection, you may want to detect the user's OS, e.g. to know whether or not the user is paying with their credit card from a known device. The usual way to obtain the user's OS is to parse the user agent or the client hints HTTP headers. However, when it comes to fraud detection, you can't always assume the user agent has been left untouched. Fraudsters use different kinds of anti-detect browsers and browser extensions that may lie about the user agent, including the OS. In this article, we present different techniques that can be used to detect whether or not a user lied about their OS and user agent, and try to infer the real OS even when the user agent has been modified. Before we go through the advanced techniques to infer the real user OS, let’s see how we can extract the OS from HTTP headers, in the case where the user didn’t forge them:

The user agent is an HTTP header that provides information about the user’s browser, OS, and version. For example, a user using Chrome 125 on macOS may have the following user agent:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

while a user on Mobile Safari on iOS may have the following user agent:

Mozilla/5.0 (iPhone; CPU iPhone OS 17_2_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Mobile/15E148 Safari/604.1
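As an added example (not code from the original article), the sketch below extracts the declared OS from the user agent and from the `Sec-CH-UA-Platform` client hint, then reports whether the two agree. The function names, the verdict labels and the sample requests are constructed for illustration; header keys are assumed to be lowercased, as in Node.js `req.headers`.

```javascript
// Ordered rules: iOS user agents contain "like Mac OS X" and Android
// user agents contain "Linux", so the more specific tokens come first.
const UA_RULES = [
  [/\b(iPhone|iPad|iPod)\b/, "iOS"],
  [/\bAndroid\b/, "Android"],
  [/\bCrOS\b/, "Chrome OS"],
  [/\bWindows NT\b/, "Windows"],
  [/\bMac OS X\b/, "macOS"],
  [/\bLinux\b/, "Linux"],
];

function osFromUserAgent(ua) {
  for (const [pattern, os] of UA_RULES) {
    if (pattern.test(ua || "")) return os;
  }
  return null;
}

// Sec-CH-UA-Platform carries a quoted string, e.g. "macOS".
function osFromClientHints(headers) {
  const raw = headers["sec-ch-ua-platform"];
  if (typeof raw !== "string") return null;
  const value = raw.trim().replace(/^"(.*)"$/, "$1");
  if (value === "Chromium OS") return "Chrome OS";
  return value === "" || value === "Unknown" ? null : value;
}

// Compare the two declared values; a missing hint is not a mismatch.
function checkDeclaredOs(headers) {
  const uaOs = osFromUserAgent(headers["user-agent"]);
  const hintOs = osFromClientHints(headers);
  let verdict = "consistent";
  if (uaOs === null) verdict = "unknown-ua";
  else if (hintOs === null) verdict = "no-hint";
  else if (uaOs !== hintOs) verdict = "mismatch";
  return { uaOs, hintOs, verdict };
}

// Constructed sample requests, reusing the two user agents shown above.
const MAC_UA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36";
const IOS_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_2_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Mobile/15E148 Safari/604.1";
const samples = [
  { "user-agent": MAC_UA, "sec-ch-ua-platform": '"macOS"' },
  { "user-agent": MAC_UA, "sec-ch-ua-platform": '"Windows"' },
  { "user-agent": IOS_UA },
];
for (const headers of samples) console.log(checkDeclaredOs(headers));
```

A missing hint is reported separately from a mismatch because not every browser sends `Sec-CH-UA-Platform`. Both headers are client-controlled, so agreement between them only shows the declared values are consistent with each other.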
