Following screenshot is an example for few clients getting classified as Android devices and one Android device getting classified as Linux.
Below is the random capture of a HTTP traffic initiated by an Android Client that is classified as a Linux Client.
The User-Agent has the OS info in the User-Agent –> Mozilla/5.0 (Linux; Android 9; ONEPLUS A5000 Build/PKQ1.180716.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.108 Mobile Safari/537.36
Though the User-Agent has the OS information as Android, the AP has set the OS for that client as Linux.
The above is because, a client device initiates multiple HTTP traffic through various applications.
The first HTTP packet, that was processed by the AP had the User-Agent value set to - Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36
The AP hence processes the User-Agent field only on the first HTTP packet. Once the OS is classified for the client, the User-Agent field will not be processed on the following HTTP packets.
If a client entry is removed from the AP and the client connects again to the Wi-Fi, the chances for that client to send the appropriate OS information in the User-Agent Field is very high.
The AP will then re-classify the client’s OS accordingly and update the Client’s tab with the appropriate OS information for the corresponding clients.
This feature is hence completely based on the client's behavior.