For android detection, using htaccess try:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "android" [NC]
RewriteRule ^(.*)$ /android/$1 [L,QSA] # redirect aqui
RewriteCond %{HTTP_USER_AGENT} "iphone|ipod|ipad|windows" [NC] # redirecao para os outros
RewriteRule ^(.*)$ http://YOU_SHALL_NOT_PASS/$1 [L,QSA]
But you said you had some php files. I would take advantage of that, and put a first file with that, this file would be the first to be read by the server:
$useragent = $_SERVER['HTTP_USER_AGENT'];
$devicesAllowed = array('android' => 'http://www.android.com'); // aqui colocamos os 'aparelhos' admitidos, neste caso é só android com os respetivos url para redireção
foreach($devicesAllowed as $device => $url) {
if(strpos($useragent, $device) !== false) {
header('Location:' .$url);
}
}
header('Location: YOU SHALL NOT PASS'); // redireção para os outros clientes (ios, desktop etc...)
Note that on the client side we can fake this, there are even plugins/add-ons for browsers to do this. Do not count as 100%