The problem with this is that I can customize my user agent to be anything I want.
So as soon as anyone knows what you are doing, it is trivial to customize my device user-agent to spoof the one you want to see.
Yeah, that was what I was wondering - I was pretty sure the user-agent string is in plain text, so anyone can sniff the network and now they're in.
So a bit more than security through obscurity, thought not sure how much more.
If you are using TLS, it is not easily visible.
But, if you know what it is, then you can still set it. But it helps hide it if you don't know what's being sent.