Article Directory
foreword
The recent pre-launched apps require security inspections by the security department, but the inspection results fail because they request network data before agreeing to the privacy agreement and the header contains sensitive information such as the system version and phone model.
Tip: The following is the text of this article, and the following cases are for reference
reason
Before clicking to agree to the privacy agreement, I entered an h5 page of privacy compliance instructions. When loading the h5 web page, webview added several request headers, including UserAgent.
The meaning of each field is as follows:
| string | illustrate |
| Mozilla/5.0 | A browser that pretends to be the Mozilla typesetting engine for compatibility |
| (Linux; Android 8.1.0; NX606J Build/OPM1.171019.026; wv) | Details of the system the browser is running on |
| AppleWebKit/537.36 | The platform used by the browser |
| (KHTML, like Gecko) Version/4.0 Chrome/61.0.3163.98 | Browser Platform Details |
| Mobile Safari/537.36 | Used by browsers to indicate specific enhancements that are available either directly from the browser or through third parties |
You can see that there are two user device information in the first parentheses, so the security detection fails.
solution
It can be solved by modifying the UserAgent of webview:
String userAgent = webView.getSettings().getUserAgentString();
if (!TextUtils.isEmpty(userAgent)) {
String userAgent_sys = userAgent.substring(userAgent.indexOf("("), userAgent.indexOf(")") + 1);
//去掉第一个小括号的设备信息
userAgent = userAgent.replace(userAgent_sys, "");
}
webView.getSettings().setUserAgentString(userAgent);