Modify MS Teams Android app to use different User-Agent on login page

teams_android_useragent.md

How to modify the MS Teams Android app to use a different User-Agent on its login page

Tools needed

• apktool
• zipalign and apksigner and from the Android SDK Build Tools
• keytool from a Java JRE or JDK

Instructions

1. Get the APK of the current MS Teams app (e.g. by copying it from your phone or downloading from APKMirror). These instructions were tested with version 1416/1.0.0.2022394701, and assume it is saved as teams.apk.

2. Extract the APK:

    apktool -r d teams.apk
   

3. Find the WebViewAuthorizationFragment class. In the current version it is under smali_classes3/com/microsoft/identity/common/internal/providers/oauth2/WebViewAuthorizationFragment.smali.

4. In this class, in the setUpWebView function, the User-Agent for the WebView is set like this:

    invoke-virtual {v0, p1}, Landroid/webkit/WebSettings;->setUserAgentString(Ljava/lang/String;)V
   

   Right before this, add the following line to override the User-Agent:

    const-string p1, "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
   

   (or another recent desktop User-Agent)

5. In the res/raw directory, in each of the files msal_config.json, msal_config_opt_disabled.json, msal_enterprise_config.json and msal_enterprise_config_opt_disabled.json, set the broker_redirect_uri_registered setting to false. This is needed because the modified APK will be signed with a different key. This seems to be no longer necessary in the newest version of the Teams app. Yay! 🥳

6. Rebuild the APK:

    apktool b teams -o teams_mod.apk
   

   If you need to install the app alongside the official Teams app, change the package name now and rename conflicting content providers in the Manifest (e.g. using this tool):

    git clone git@github.com:johan12345/ApkRename.git
    ApkRename/apkRename.sh teams_mod.apk com.microsoft.teams.mod!
   

7. Zipalign:

    zipalign -f -p 4 teams_mod.apk teams_mod_zipalign.apk
   

8. Sign the APK:

    keytool -genkey -keystore keys.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias Teams
    apksigner sign --ks keys.keystore  --out teams_mod_signed.apk teams_mod_zipalign.apk
   

9. Install the resulting teams_mod_signed.apk on your Android device. If you did not change the package name above, you will need to uninstall the official version of Teams first due to the different signature.

The reason why I want to try this is with our teams deployment, authentication works only from within Intranet. With my smartphone I cannot enter Intranet (no VPN). I can do a trick with a proxy running on my company laptop. It accepts http requests from my mobile (in the same Wifi network) and forwards it via VPN to companies proxy. So theoretically (and in the past practically as well) I can log in. After successful login a token is created and Teams will work without any connection to companies Intranet.
However what company has changed is that during login, untouched Teams app notices that I am coming from a mobile device and claims I need to install Intune etc. which I do not want...

i've tried to follow this path of having ms teams user agent changed but the new modded apk crashes on opening(android 14).
tried with the latest info but also with the older one posted above by Johann.

with latest apk tool and zipaling from 29.0.3 build.

anyhow, really appreciate and thanks Johann for your work and sharing this info with community.

@colyro have you managed to check the logs (as mentioned above) to see why the new APK crashes?

sure. below is the feedback per each package:

1. apktool 2.10 - older version(your initial version tested in 2022) 1416/1.0.0.2022394701 build 2022394713

crashing after email address introduction when selcting work ors school account with message: Sorry, but we're having trouble signing you in, please try again.

2. apktool 2.10 - latest teams version - 1416/1.0.0.2024053003 build 2024453030

java.lang.IncompatibleClassChangeError: Found interface io.opentelemetry.context.Context,but class was expected (declaration of 'io.opentelemetry.context.Context' appears in /data/app/~~ggT7Gk-rcl94g4-E0rxjNA==/com.microsoft.teams-aMLmJd723kVwJm8XfYVcyQ==/base.apk!classes7.dex)
at io.opentelemetry.context.Context.
$r8$lambda$3Y-T3eyWgYoNX58Un4uW3R7nekc(Unknown Source:0)
at io.opentelemetry.context.ContextS$ExternalSyntheticLambda4.run(Unknown Source:2040) at
java.util.concurrent. ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent. ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)

3. apktool 2.93 - older version(your initial version tested in 2022) 1416/1.0.0.2022394701 build 2022394713

crashing after email address introduction when selcting work ors school account with message: Sorry, but we're having trouble signing you in, please try again.

4. apktool 2.93 - latest teams version 1416/1.0.0.2024053003 build 2024453030

Error: java.lang.IncompatibleClassChangeError: Found interface io.opentelemetry.context.Context,but class was expected (declaration of 'io.opentelemetry.context.Context' appears in /data/app/~~gLPi7Tpazv70MehlqloPKA==/com.microso ft.teams-wOX8yn38FzQ-bNKlau4x5g==/base.apk!classes7.dex)at io.opentelemetry.context.Context.
$r8$lambda$3Y-T3eyWgYoNX58Un4uW3R7nekc(Unknown Source:0)
at io.opentelemetry.context.Context$SExternalSyntheticLambda4.run(Unknown Source:2040)
at
java.util.concurrent. ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)at

Phone Android version: 14
Build-tools version: 29.0.3 of zipalign/apksigner
OS used for apktool/zipalign/apksigner: Centos 9 x64
Source of apk for latest Teams version: https://apkpure.com/microsoft-teams/com.microsoft.teams

crashing after email address introduction when selcting work ors school account with message: Sorry, but we're having trouble signing you in, please try again.

Well, that is not a crash, just an error message from Microsoft - so likely your company's MS sign-in page does not like the modified Teams app. In my company's case, it would directly redirect to the company's own sign-in page after entering the email address (and that just identifies mobile devices based on their User-Agent), so maybe that is why I haven't encountered this? 🤔

oh I forgot to mention, I did not modify/alter anything especially to see if this is happening only if I touch the original apk.
I just decompiled original apk, recompiled, zipaling and sign.

So it is due to original apk manipulation

I share the same issue as @colyro. On my Android 13 phone, the app just quits less than a second after starting it if I change the user agent. I tried several user agents in case that would make any difference, but nope.

Any ideas?