Modify MS Teams Android app to use different User-Agent on login page

teams_android_useragent.md

How to modify the MS Teams Android app to use a different User-Agent on its login page

Tools needed

• apktool
• zipalign and apksigner and from the Android SDK Build Tools
• keytool from a Java JRE or JDK

Instructions

1. Get the APK of the current MS Teams app (e.g. by copying it from your phone or downloading from APKMirror). These instructions were tested with version 1416/1.0.0.2022394701, and assume it is saved as teams.apk.

2. Extract the APK:

    apktool -r d teams.apk
   

3. Find the WebViewAuthorizationFragment class. In the current version it is under smali_classes3/com/microsoft/identity/common/internal/providers/oauth2/WebViewAuthorizationFragment.smali.

4. In this class, in the setUpWebView function, the User-Agent for the WebView is set like this:

    invoke-virtual {v0, p1}, Landroid/webkit/WebSettings;->setUserAgentString(Ljava/lang/String;)V
   

   Right before this, add the following line to override the User-Agent:

    const-string p1, "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
   

   (or another recent desktop User-Agent)

5. In the res/raw directory, in each of the files msal_config.json, msal_config_opt_disabled.json, msal_enterprise_config.json and msal_enterprise_config_opt_disabled.json, set the broker_redirect_uri_registered setting to false. This is needed because the modified APK will be signed with a different key. This seems to be no longer necessary in the newest version of the Teams app. Yay! 🥳

6. Rebuild the APK:

    apktool b teams -o teams_mod.apk
   

   If you need to install the app alongside the official Teams app, change the package name now and rename conflicting content providers in the Manifest (e.g. using this tool):

    git clone [email protected]:johan12345/ApkRename.git
    ApkRename/apkRename.sh teams_mod.apk com.microsoft.teams.mod!
   

7. Zipalign:

    zipalign -f -p 4 teams_mod.apk teams_mod_zipalign.apk
   

8. Sign the APK:

    keytool -genkey -keystore keys.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias Teams
    apksigner sign --ks keys.keystore  --out teams_mod_signed.apk teams_mod_zipalign.apk
   

9. Install the resulting teams_mod_signed.apk on your Android device. If you did not change the package name above, you will need to uninstall the official version of Teams first due to the different signature.

I just re-tested the instructions with the APK downloaded from here:
https://www.apkmirror.com/apk/microsoft-corporation/microsoft-teams/microsoft-teams-1416-1-0-0-2022394701-release/microsoft-teams-1416-1-0-0-2022394701-android-apk-download/
and don't get any crash after entering my email address. Can you check Android logs (e.g., adb logcat "*:E") to see why it's crashing?

With the newest Teams version, I was able to reproduce the crash right after starting the app. The log in this case is:

FATAL EXCEPTION: pool-19-thread-1
Process: com.microsoft.teams.mod, PID: 25045
java.lang.IncompatibleClassChangeError: Found interface io.opentelemetry.context.Context, but class was expected (declaration of 'io.opentelemetry.context.Context' appears in /data/app/~~wqguCam3Xc9MlW2qSJdUGw==/com.microsoft.teams.mod-WEYtdUEwcp76rJJybHQrgA==/base.apk!classes7.dex)
    at io.opentelemetry.context.Context.$r8$lambda$3Y-T3eyWgYoNX58Un4uW3R7nekc(Unknown Source:0)
    at io.opentelemetry.context.Context$$ExternalSyntheticLambda4.run(Unknown Source:1951)

That seems to be related to this bug in apktool: iBotPeaches/Apktool#3616. A workaround might be to remove all references to OpenTelemetry, but that would take some time...

The reason why I want to try this is with our teams deployment, authentication works only from within Intranet. With my smartphone I cannot enter Intranet (no VPN). I can do a trick with a proxy running on my company laptop. It accepts http requests from my mobile (in the same Wifi network) and forwards it via VPN to companies proxy. So theoretically (and in the past practically as well) I can log in. After successful login a token is created and Teams will work without any connection to companies Intranet.
However what company has changed is that during login, untouched Teams app notices that I am coming from a mobile device and claims I need to install Intune etc. which I do not want...