[drzoltar]

I’m guessing it’s due to bots. Desktop websites are considerably easier for deploying and managing automations. You don’t need a physical smartphone, just any cheap and capable machine behind a vpn. Things like GPS spoofing are considerably easier and harder to detect. Professional bot farms can take advantage of easy screen sharing and proxying to manage Captchas and challenges, thereby distributing their operation and saving on cost while maintaining scale.

I wouldn’t be surprised if 80%+ of desktop logins are from bots and other bad actors.

[anyfactor]

As a bot developer (I prefer to say Python Developer who specializes in Automation and Data(!)), I don't think it is entirely accurate. For example - Instagram's mobile web interface literally relies on the screen aspect ratio. Instagram's unreliability isn't a security measure, this is just unreliability.

As a part time social media manager, I use an android emulator to use Instagram and Facebook. The hoops I have to jump through to post a video story smh.

On a tangent:

I hope people stop labelling bad design as preventive measures. The bad design that do act as preventive measures are almost always accidental. Like yesterday, I spent 2 hours trying to find the cookies when I logged into a site that had some data. Only to discover the entire log in measure was a dummy interface. They were sending the data anyway but had a hacky solution to check if a user have attempted logging in. They were sending the data under the hood but they showed it only when the user logged in. Now, tell me is this a security measure? They did waste my time so wouldn't this fulfill their security goals?

[drzoltar]

Curiously what kind of tasks do you use your bot on? I’m surprised you’re able to use an android emulator. My understanding is that device attestation can detect emulation, which would place the account into a higher risk tier. But maybe as long as you’re under the rate limit for things like profile hits and messages then they let it slide.

That’s why I was thinking web would be easier because you can easily change your header and forego device attestation and emulator detection.

[anyfactor]

I don't use android emulator for developing automation solutions. I use it for regular old part time social media and community management gigs. You can't upload videos stories without the app. I rarely use automation solutions for these jobs.