Trace the moves of a WhatsApp user
- Online/Offline status (even with privacy options set to “nobody”)
- Profile pictures
- Privacy settings
- Status messages
I made this project for you to realise how broken the privacy options actually are. It just started out as experimenting with Whatsapp to build an Bot, but I was stunned when I realised someone could abuse this “online” feauture of Whatsapp to track anyone. I could just say this in like a blog article (like I tried but got marked as spam) that the privacy options are broken, but you wouldnt realise the impact it actually has.
- Secondary Whatsapp account (phonenumber that doesn’t use Whatsapp)
- Rooted Android phone OR Jailbroken iPhone OR PHP knowledge
- Server/RPi that runs 24/7
- Nginx or Apache with PHP with PDO (php5-pgsql installed) (you can’t host on simple webhoster, you need bash)
- Jailbroken iPhone users: You can retrieve using this script.
- Rooted Android phones can use the following APK to retrieve the secret.
- Insert your (new) secondary SIM card in your phone and boot it up.
- Re-install Whatsapp on your phone and activate it using the new phonenumber.
- Use either the APK (Android) or the script (iPhone) to retrieve the WhatsApp secret. Write this secret down, which is required later.
- Insert your normal SIM card and re-install WhatsApp for normal use.