diff --git a/navi/api/routes/auth.py b/navi/api/routes/auth.py
index 80bacd2..9ddf68e 100644
--- a/navi/api/routes/auth.py
+++ b/navi/api/routes/auth.py
@@ -66,9 +66,13 @@
         scopes=["openid", "email", "profile", "roles", "permissions"],
     )
 
+    # Detect Android WebView via User-Agent (more reliable than JS navigator.userAgent)
+    ua = request.headers.get("user-agent", "")
+    detected_platform = platform or ("android" if "NaviAndroid" in ua else None)
+
     # Remember platform so callback knows whether to use cookie or bridge page.
     _mobile_auth_states[auth_request.state] = {
-        "platform": platform,
+        "platform": detected_platform,
         "return_to": safe_return_to,
     }
 
@@ -76,7 +80,7 @@
         "auth.login_redirect",
         state=auth_request.state[:8] + "...",
         redirect_uri=redirect_uri,
-        platform=platform,
+        platform=detected_platform,
         return_to=safe_return_to,
     )
     return Response(status_code=302, headers={"Location": auth_request.authorization_url})