Device-activity-tracker

This security research project exposes a critical privacy vulnerability in popular messaging platforms by analyzing delivery receipt patterns and round-trip time (RTT) measurements. By leveraging these protocol-level signals, the tool can determine whether a target device is actively being used, in standby mode, or completely offline—all without requiring any interaction from the target user.

Built with TypeScript and Node.js, the project uses the Baileys library to interface with WhatsApp's protocol and demonstrates similar techniques applicable to Signal. The proof-of-concept reveals how seemingly innocuous protocol features can be exploited to track user behavior patterns, sleep schedules, and device usage habits over time.

This tool serves as an important educational resource for security researchers, privacy advocates, and developers who need to understand the implications of metadata leakage in encrypted messaging systems. It highlights how even end-to-end encrypted platforms can inadvertently expose sensitive behavioral data through timing attacks and protocol design choices.

The React-based interface provides real-time visualization of device activity patterns, making it easy to understand the severity of these information leaks and their potential impact on user privacy in real-world scenarios.