Client Fingerprinting via Analysis of Browser Scripting Environment
!d.all d.childNodes d.compatMode !d.documentMode
getElementById d.getElementsByClassName !n.savePreferences
XMLHttpRequest !w.globalStorage w.postMessage
Figure 5.7-1: Android 2.2 HTC Evo (Sprint)
The navigator.appVersion and navigator.userAgent provide some information about the device. These two properties include tokens to specify that it is an Android device along with the version (e.g. ‘Android 2.1-update1’), a token to specify that it is a mobile device (e.g. ‘Mobile’) and a browser version token (e.g. ‘Version/’).
The navigator.language property provides information about the language that the device is configured to support. The value of the property is the two character lower case language code, but unlike Google Chrome the value does not include a country identifier. The navigator.language property does not match the language token listed in the navigator.appVersion and navigator.userAgent property. On Android embedded devices, the language token in the navigator.appVersion and navigator.userAgent properties contain the language code and the country code, while navigator.language only contains the language code.
The navigator.platform property contains the value of ‘Linux armv71’ which is the processor of the device. The desktop version of Google Chrome will return ‘Linux i686’ for a processor type.
The navigator.vendor property returns a value of ‘Google Inc.’ for the desktop versions of Google Chrome, but the browser of the embedded Android devices displays some variance in the values that are returned. Android devices will return values of either ‘Google Inc.’ or ‘Apple Computer, Inc.’ for navigator.vendor.
Unlike the desktop version of Google Chrome, Android devices do not include native functionality to modify their User Agent, so it is more difficult for these devices to masquerade as other browsers and/or O/Ss.