fix(analytics): distinguish Signal from WhatsApp in platform detection

MarkusNeusinger · claude · MarkusNeusinger · commit 2d2063f18355 · 2026-01-06T15:21:47.000+01:00
Signal deliberately uses 'WhatsApp' User-Agent to bypass rate limits on sites like Twitter. This caused Signal link previews to be tracked as WhatsApp in Plausible analytics. Detection logic: - Real WhatsApp: WhatsApp/X.Y.Z (3+ part version), e.g., WhatsApp/2.23.18.78 i - Signal: Simple WhatsApp or WhatsApp/2 (no full version) Reference: signalapp/Signal-Android#10060 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
diff --git a/api/analytics.py b/api/analytics.py
@@ -8,6 +8,7 @@
 
 import asyncio
 import logging
+import re
 
 import httpx
 from fastapi import Request
@@ -19,6 +20,7 @@
 DOMAIN = "pyplots.ai"
 
 # All platforms from nginx.conf bot detection (27 total)
+# Order matters for some patterns - more specific patterns checked first via _detect_whatsapp_or_signal()
 PLATFORM_PATTERNS = {
     # Social Media
     "twitter": "twitterbot",
@@ -28,12 +30,10 @@
     "reddit": "redditbot",
     "tumblr": "tumblr",
     "mastodon": "mastodon",
-    # Messaging Apps
+    # Messaging Apps (whatsapp handled specially - see _detect_whatsapp_or_signal)
     "slack": "slackbot",
     "discord": "discordbot",
     "telegram": "telegrambot",
-    "whatsapp": "whatsapp",
-    "signal": "signal",
     "viber": "viber",
     "skype": "skypeuripreview",
     "teams": "microsoft teams",
@@ -53,6 +53,34 @@
     "showyoubot": "showyoubot",
 }
 
+# Real WhatsApp User-Agent has version + platform suffix: "WhatsApp/2.23.18.78 i" or "WhatsApp/2.21.22.23 A"
+# Signal uses WhatsApp User-Agent to bypass rate limits but sends simpler format: "WhatsApp" or "WhatsApp/2"
+# Pattern matches: WhatsApp/X.Y.Z (at least 3-part version) followed by platform indicator (i/A/N/W or more text)
+# See: https://github.com/signalapp/Signal-Android/issues/10060
+REAL_WHATSAPP_PATTERN = re.compile(r"whatsapp/\d+\.\d+\.\d+", re.IGNORECASE)
+
+
+def _detect_whatsapp_or_signal(user_agent: str) -> str | None:
+    """Distinguish WhatsApp from Signal based on User-Agent format.
+
+    Signal deliberately uses 'WhatsApp' User-Agent to bypass rate limits on sites like Twitter.
+    But real WhatsApp includes full version: 'WhatsApp/2.23.18.78 i' (iOS) or 'WhatsApp/2.21.22.23 A' (Android).
+    Signal sends simpler format: 'WhatsApp' or 'WhatsApp/2'.
+
+    Returns:
+        'whatsapp' for real WhatsApp, 'signal' for Signal-pretending-to-be-WhatsApp, None if neither.
+    """
+    ua_lower = user_agent.lower()
+    if "whatsapp" not in ua_lower:
+        return None
+
+    # Real WhatsApp has 3+ part version (e.g., WhatsApp/2.23.18.78)
+    if REAL_WHATSAPP_PATTERN.search(user_agent):
+        return "whatsapp"
+
+    # Has "whatsapp" but no full version - likely Signal
+    return "signal"
+
 
 def detect_platform(user_agent: str) -> str:
     """Detect platform from User-Agent string.
@@ -61,8 +89,13 @@ def detect_platform(user_agent: str) -> str:
         user_agent: The User-Agent header value
 
     Returns:
-        Platform name (e.g., 'twitter', 'whatsapp') or 'unknown'
+        Platform name (e.g., 'twitter', 'whatsapp', 'signal') or 'unknown'
     """
+    # Special handling for WhatsApp vs Signal (Signal uses WhatsApp User-Agent)
+    whatsapp_or_signal = _detect_whatsapp_or_signal(user_agent)
+    if whatsapp_or_signal:
+        return whatsapp_or_signal
+
     ua_lower = user_agent.lower()
     for platform, pattern in PLATFORM_PATTERNS.items():
         if pattern in ua_lower:
diff --git a/tests/unit/api/test_analytics.py b/tests/unit/api/test_analytics.py
@@ -4,7 +4,7 @@
 
 import pytest
 
-from api.analytics import PLATFORM_PATTERNS, detect_platform, track_og_image
+from api.analytics import PLATFORM_PATTERNS, _detect_whatsapp_or_signal, detect_platform, track_og_image
 
 
 class TestDetectPlatform:
@@ -14,9 +14,29 @@ def test_detects_twitter(self) -> None:
         """Should detect Twitter bot."""
         assert detect_platform("Twitterbot/1.0") == "twitter"
 
-    def test_detects_whatsapp(self) -> None:
-        """Should detect WhatsApp."""
-        assert detect_platform("WhatsApp/2.21.4.22") == "whatsapp"
+    def test_detects_whatsapp_ios(self) -> None:
+        """Should detect real WhatsApp iOS."""
+        assert detect_platform("WhatsApp/2.23.18.78 i") == "whatsapp"
+
+    def test_detects_whatsapp_android(self) -> None:
+        """Should detect real WhatsApp Android."""
+        assert detect_platform("WhatsApp/2.21.22.23 A") == "whatsapp"
+
+    def test_detects_whatsapp_desktop(self) -> None:
+        """Should detect real WhatsApp Desktop."""
+        assert detect_platform("WhatsApp/2.2336.9 N") == "whatsapp"
+
+    def test_detects_signal_as_fake_whatsapp(self) -> None:
+        """Should detect Signal (which uses fake WhatsApp User-Agent).
+
+        Signal deliberately uses 'WhatsApp' User-Agent to bypass rate limits,
+        but without full version number like real WhatsApp.
+        See: https://github.com/signalapp/Signal-Android/issues/10060
+        """
+        # Signal sends simple "WhatsApp" or "WhatsApp/2" without full version
+        assert detect_platform("WhatsApp") == "signal"
+        assert detect_platform("WhatsApp/2") == "signal"
+        assert detect_platform("WhatsApp/2.1") == "signal"  # Only 2-part version
 
     def test_detects_facebook(self) -> None:
         """Should detect Facebook."""
@@ -60,8 +80,49 @@ def test_case_insensitive(self) -> None:
         assert detect_platform("twitterbot/1.0") == "twitter"
 
     def test_all_platforms_have_patterns(self) -> None:
-        """Should have 27 platform patterns defined."""
-        assert len(PLATFORM_PATTERNS) == 27
+        """Should have 25 platform patterns in dict (whatsapp/signal handled separately)."""
+        # 27 total platforms: 25 in PLATFORM_PATTERNS + whatsapp + signal (special handling)
+        assert len(PLATFORM_PATTERNS) == 25
+
+
+class TestWhatsAppSignalDetection:
+    """Tests for WhatsApp vs Signal detection logic."""
+
+    def test_real_whatsapp_ios(self) -> None:
+        """Real WhatsApp iOS should return 'whatsapp'."""
+        assert _detect_whatsapp_or_signal("WhatsApp/2.23.18.78 i") == "whatsapp"
+
+    def test_real_whatsapp_android(self) -> None:
+        """Real WhatsApp Android should return 'whatsapp'."""
+        assert _detect_whatsapp_or_signal("WhatsApp/2.21.22.23 A") == "whatsapp"
+
+    def test_real_whatsapp_cfnetwork(self) -> None:
+        """Real WhatsApp with CFNetwork should return 'whatsapp'."""
+        assert _detect_whatsapp_or_signal("WhatsApp/2.18.31.32 CFNetwork/894 Darwin/17.4.0") == "whatsapp"
+
+    def test_signal_simple(self) -> None:
+        """Signal's simple WhatsApp UA should return 'signal'."""
+        assert _detect_whatsapp_or_signal("WhatsApp") == "signal"
+
+    def test_signal_with_major_version(self) -> None:
+        """Signal's WhatsApp/2 should return 'signal'."""
+        assert _detect_whatsapp_or_signal("WhatsApp/2") == "signal"
+
+    def test_signal_with_two_part_version(self) -> None:
+        """Signal's WhatsApp/2.1 (only 2 parts) should return 'signal'."""
+        assert _detect_whatsapp_or_signal("WhatsApp/2.1") == "signal"
+
+    def test_non_whatsapp_returns_none(self) -> None:
+        """Non-WhatsApp User-Agent should return None."""
+        assert _detect_whatsapp_or_signal("Twitterbot/1.0") is None
+        assert _detect_whatsapp_or_signal("Mozilla/5.0") is None
+        assert _detect_whatsapp_or_signal("") is None
+
+    def test_case_insensitive(self) -> None:
+        """Should handle case-insensitive matching."""
+        assert _detect_whatsapp_or_signal("WHATSAPP/2.23.18.78") == "whatsapp"
+        assert _detect_whatsapp_or_signal("whatsapp/2.23.18.78") == "whatsapp"
+        assert _detect_whatsapp_or_signal("WHATSAPP") == "signal"
 
 
 class TestTrackOgImage:
