iOS UA reports a common desktop screen resolution (no iPhone/iPad ships one)

br.ios_screen_desktop_res  ·  convicts

browserlayer
coherencecategory

What it catches

DEVICE<->screen coherence, the sub-1400 slice br.ios_screen_oversized (max>1400) misses. ios_screen_oversized convicts a desktop screen wearing an iOS UA only when a dimension exceeds ~1376 (the largest real iPad); a desktop faking iOS with a SMALLER panel (1366x768, 1280x720, 1280x1024) slips under that bound. This rule closes it with a curated set of common DESKTOP resolutions — 1366x768, 1280x1024, 1280x720, 1280x800, 1360x768, 1024x600, 1600x900 (both orientations) — NONE of which any iPhone/iPad ships (verified against the Apple device corpus iosref.com/res + ios-resolution.com: iOS is tall ~19.5:9 phones + 4:3 iPads, never a 16:9 or 5:4 desktop panel; iPad geometries like 1024x768 / 768x1024 are deliberately EXCLUDED from the set). An iOS UA reporting one is a desktop-faking-iOS. FP-SAFE by construction: the set contains only desktop-exclusive geometries, so no real iOS device can match. Convicting, w0.7. Together with ios_screen_oversized (max>1400) and ios_dpr_incoherent (DPR ∉ {2,3}) this makes the iOS screen manifold a three-rung ratchet — a coherent iOS spoof must land its screen ON a real iPhone/iPad geometry, not merely avoid the oversized bound. GROUNDED LIVE: a Chromium given an iPhone UA + KS_SCREEN=1366x768 (a desktop res the oversized bound misses) fires ios_screen_desktop_res; the same UA + a real iPhone screen (393x852) is SILENT.

Signals it reads

browser.ios_screen_desktop_res

How it fires

present

Bypassed by 10

Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.

← all detections