Chrome's user agent reduction results in no longer detecting Android tablets as a tablet device #942

Open
AdmDevelopment opened this issue Oct 12, 2023 · 4 comments

AdmDevelopment commented Oct 12, 2023

Thanks to Chrome's "user agent reduction" the user agent in Chrome no longer contains dynamic device and operating system information. For Android the operating system is fixed as Android 10 and the device model is set to K. The only thing that appears to be dynamic is the Major Version of Chrome. They did this to combat fingerprinting.

More info: https://developer.chrome.com/blog/user-agent-reduction-android-model-and-version/

The user agents are:

Android Tablet using Chrome:
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/{MAJOR_VERSION}.0.0.0 Safari/537.36

Android Smartphone using Chrome:
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/{MAJOR_VERSION}.0.0.0 Mobile Safari/537.36

Replace {MAJOR_VERSION} with 117 for the user agent in Chrome 117 on Android devices.

On Android tablet devices the isMobile() method currently returns true since "Android" matched, however isTablet() fails to detect the tablet device.

I added the following to $tabletDevices in MobileDetect v4.8.02 to detect the Android tablets using Chrome:
"ChromeUserAgentReductionAndroidTablet" => 'Mozilla/5\.0 \(Linux; Android 10; K\) AppleWebKit/537\.36 \(KHTML, like Gecko\) Chrome/(\d+)\.0\.0\.0 Safari/537\.36'

I used the complete user agent since it should be static except the Major Version.

It appears they are now storing specific information inside User Agent Client Hints in the HTTP headers:
https://web.dev/articles/migrate-to-ua-ch

@serbanghita
Owner

> It appears they are now storing specific information inside User Agent Client Hints in the HTTP headers:
> https://web.dev/articles/migrate-to-ua-ch

That is the most stupid solution ever proposed in the space of User-Agents and Web in general.

The original RFC 1945 from May '96 states that the field "can contain multiple product tokens", a product token being something like MyBrowser/12.3.4 or simply MyBrowser.
This has always been broad enough to offer low entropy so that a user cannot be uniquely tracked.

On the mentioned article and the specs, Google describes User-Agent as the main actor of "passive fingerprinting", "being difficult to process", "there's a lot of entropy wrapped up in the UA string", etc. This is absolute bollocks:

  1. You cannot fingerprint solely on UA, you also need HTTP headers with Cookies & friends.
  2. It's not difficult to process. See this library and others that split the tokens. Whoever needs to "process" UA strings knows that this is just a contextualized tokenization process.
  3. There is not a lot of entropy in the UA string. Take a look at our User-Agent tests https://github.com/serbanghita/Mobile-Detect/tree/4.8.x/tests/providers/vendors - the strings speak for themselves.

Related to #906 (comment)

@lcsqlpete

This problem is worse now. The User Agent for Chrome running on my Pixel tablet is

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

It no longer contains "Android" so isMobile() returns false.

I also tried JavaScript navigator.userAgentData.mobile and it too returns false.

digifa commented Nov 7, 2024

As written in the initial post, this problem has been introduced by Google/Chromium. The solution is also mentioned there - this has to be integrated into Mobile-Detect.
This does not seem to be a major problem to solve in Mobile-Detect (you have to add the Sec-CH-UA, Sec-CH-UA-Model and Sec-CH-UA-Mobile headers for analysis), BUT to get the -Model and -Mobile headers you have to add the Accept-CH header with the requested headers to the response (of the server). (You can do that by adding it via e.g. headers_module, mod_rewrite or manually in your code.) So you get this information for the first time in the second request, only over HTTPS and only when the user is not blocking this! (Also, it is still not supported by Safari & Firefox; at least Firefox still implements the "old" behaviour.)

digifa commented Nov 8, 2024

@serbanghita there is a partial fix in #962 by @kevinkimball to solve the problem for identifying mobile devices.

Next step could be identifying tablets by Model from Sec-CH-UA Header.
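
The flow described in the comments above (advertise `Accept-CH`, read the hints on the following request, fall back to the reduced User-Agent when they are missing), as an added PHP example that is not part of the thread or of Mobile-Detect's code. `classifyAndroid()`, `chString()`, `chBool()`, the `Sec-CH-UA-Platform` check and the rule "Android with `Sec-CH-UA-Mobile: ?0` is a tablet" are assumptions of this example; the sample requests are constructed.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8+). Header values are client-supplied: parse strictly, trust nothing.

const ACCEPT_CH = 'Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Mobile'; // send on HTTPS responses

/** Structured-field string, e.g. "Pixel Tablet" (quotes are on the wire); null if malformed. */
function chString(?string $raw): ?string
{
    return preg_match('/^"([^"\\\\]*)"$/', trim((string) $raw), $m) === 1 ? $m[1] : null;
}

/** Structured-field boolean: ?1 => true, ?0 => false, anything else => unknown. */
function chBool(?string $raw): ?bool
{
    return match (trim((string) $raw)) { '?1' => true, '?0' => false, default => null };
}

/**
 * @param array<string,string> $h request headers, keys lower-cased
 * @return array{class:string, model:?string, source:string}
 */
function classifyAndroid(array $h): array
{
    $mobile   = chBool($h['sec-ch-ua-mobile'] ?? null);
    $platform = chString($h['sec-ch-ua-platform'] ?? null);
    $model    = chString($h['sec-ch-ua-model'] ?? null); // absent until Accept-CH was honoured

    if ($mobile !== null && $platform !== null) {
        // Heuristic (assumption): Android with mobile=?0 is treated as a tablet.
        $class = $platform !== 'Android' ? 'not-android' : ($mobile ? 'phone' : 'tablet');
        return ['class' => $class, 'model' => $model, 'source' => 'client-hints'];
    }
    // No usable hints (first request, plain HTTP, Safari/Firefox): reduced UA fallback.
    $ua = $h['user-agent'] ?? '';
    if (!str_contains($ua, 'Android')) {
        return ['class' => 'not-android', 'model' => null, 'source' => 'user-agent'];
    }
    $class = preg_match('/\bMobile\b/', $ua) === 1 ? 'phone' : 'tablet';
    return ['class' => $class, 'model' => null, 'source' => 'user-agent'];
}

// Constructed sample requests (not captured traffic).
$ua = 'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 %sSafari/537.36';
$samples = [
    'tablet, 1st request' => ['user-agent' => sprintf($ua, '')],
    'tablet, with hints'  => ['user-agent' => sprintf($ua, ''), 'sec-ch-ua-mobile' => '?0',
                              'sec-ch-ua-platform' => '"Android"', 'sec-ch-ua-model' => '"Pixel Tablet"'],
    'phone, 1st request'  => ['user-agent' => sprintf($ua, 'Mobile ')],
];
foreach ($samples as $name => $headers) {
    printf("%-20s %s\n", $name, json_encode(classifyAndroid($headers)));
}
```

The returned `model` is where a tablet model list could be matched, and `source` tells the caller whether the answer came from hints or from the User-Agent fallback.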
