fix(analytics): rename signal to whatsapp-lite for spoofed UA

Changed from 'signal' to 'whatsapp-lite' since we can't be certain
which app is spoofing the WhatsApp User-Agent - could be Signal,
or any other app using the same bypass technique.

- whatsapp: Verified real WhatsApp (full version like 2.23.18.78)
- whatsapp-lite: Simplified UA (could be Signal or other spoofers)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: MarkusNeusinger

api/analytics.py

@@ -60,15 +60,15 @@
 REAL_WHATSAPP_PATTERN = re.compile(r"whatsapp/\d+\.\d+\.\d+", re.IGNORECASE)
 
 
-def _detect_whatsapp_or_signal(user_agent: str) -> str | None:
-    """Distinguish WhatsApp from Signal based on User-Agent format.
+def _detect_whatsapp_variant(user_agent: str) -> str | None:
+    """Distinguish real WhatsApp from apps spoofing WhatsApp User-Agent.
 
-    Signal deliberately uses 'WhatsApp' User-Agent to bypass rate limits on sites like Twitter.
-    But real WhatsApp includes full version: 'WhatsApp/2.23.18.78 i' (iOS) or 'WhatsApp/2.21.22.23 A' (Android).
-    Signal sends simpler format: 'WhatsApp' or 'WhatsApp/2'.
+    Some apps (Signal, others) use 'WhatsApp' User-Agent to bypass rate limits.
+    Real WhatsApp includes full version: 'WhatsApp/2.23.18.78 i' (iOS) or 'WhatsApp/2.21.22.23 A' (Android).
+    Spoofers send simpler format: 'WhatsApp' or 'WhatsApp/2'.
 
     Returns:
-        'whatsapp' for real WhatsApp, 'signal' for Signal-pretending-to-be-WhatsApp, None if neither.
+        'whatsapp' for verified real WhatsApp, 'whatsapp-lite' for simplified/spoofed UA, None if neither.
     """
     ua_lower = user_agent.lower()
     if "whatsapp" not in ua_lower:
@@ -78,8 +78,8 @@ def _detect_whatsapp_or_signal(user_agent: str) -> str | None:
     if REAL_WHATSAPP_PATTERN.search(user_agent):
         return "whatsapp"
 
-    # Has "whatsapp" but no full version - likely Signal
-    return "signal"
+    # Has "whatsapp" but no full version - could be Signal or other spoofers
+    return "whatsapp-lite"
 
 
 def detect_platform(user_agent: str) -> str:
@@ -89,12 +89,12 @@ def detect_platform(user_agent: str) -> str:
         user_agent: The User-Agent header value
 
     Returns:
-        Platform name (e.g., 'twitter', 'whatsapp', 'signal') or 'unknown'
+        Platform name (e.g., 'twitter', 'whatsapp', 'whatsapp-lite') or 'unknown'
     """
-    # Special handling for WhatsApp vs Signal (Signal uses WhatsApp User-Agent)
-    whatsapp_or_signal = _detect_whatsapp_or_signal(user_agent)
-    if whatsapp_or_signal:
-        return whatsapp_or_signal
+    # Special handling for WhatsApp variants (some apps spoof WhatsApp UA)
+    whatsapp_variant = _detect_whatsapp_variant(user_agent)
+    if whatsapp_variant:
+        return whatsapp_variant
 
     ua_lower = user_agent.lower()
     for platform, pattern in PLATFORM_PATTERNS.items():

docs/architecture/plausible.md

@@ -164,15 +164,14 @@ Bot requests page → nginx detects bot → SEO proxy serves HTML with og:image
 
 **Fallback**: unknown
 
-#### WhatsApp vs Signal Detection
+#### WhatsApp Variant Detection
 
-Signal deliberately uses a WhatsApp User-Agent to bypass rate limits on sites like Twitter ([Issue #10060](https://github.com/signalapp/Signal-Android/issues/10060)). We distinguish them by version format:
+Some apps (Signal, others) use a WhatsApp User-Agent to bypass rate limits ([Issue #10060](https://github.com/signalapp/Signal-Android/issues/10060)). We distinguish real WhatsApp from spoofed requests by version format:
 
 | Platform | User-Agent Example | Detection |
 |----------|-------------------|-----------|
-| WhatsApp (iOS) | `WhatsApp/2.23.18.78 i` | 3+ part version → whatsapp |
-| WhatsApp (Android) | `WhatsApp/2.21.22.23 A` | 3+ part version → whatsapp |
-| Signal | `WhatsApp` or `WhatsApp/2` | No full version → signal |
+| `whatsapp` | `WhatsApp/2.23.18.78 i` | 3+ part version = verified WhatsApp |
+| `whatsapp-lite` | `WhatsApp` or `WhatsApp/2` | Simplified UA = Signal or other spoofers |
 
 ### API Endpoints
 

tests/unit/api/test_analytics.py

@@ -4,7 +4,7 @@
 
 import pytest
 
-from api.analytics import PLATFORM_PATTERNS, _detect_whatsapp_or_signal, detect_platform, track_og_image
+from api.analytics import PLATFORM_PATTERNS, _detect_whatsapp_variant, detect_platform, track_og_image
 
 
 class TestDetectPlatform:
@@ -26,17 +26,17 @@ def test_detects_whatsapp_desktop(self) -> None:
         """Should detect real WhatsApp Desktop."""
         assert detect_platform("WhatsApp/2.2336.9 N") == "whatsapp"
 
-    def test_detects_signal_as_fake_whatsapp(self) -> None:
-        """Should detect Signal (which uses fake WhatsApp User-Agent).
+    def test_detects_whatsapp_lite_for_spoofed_ua(self) -> None:
+        """Should detect spoofed WhatsApp User-Agent as whatsapp-lite.
 
-        Signal deliberately uses 'WhatsApp' User-Agent to bypass rate limits,
-        but without full version number like real WhatsApp.
+        Some apps (Signal, others) use simplified 'WhatsApp' User-Agent to bypass rate limits.
+        We can't know for sure which app, so we label it 'whatsapp-lite'.
         See: https://github.com/signalapp/Signal-Android/issues/10060
         """
-        # Signal sends simple "WhatsApp" or "WhatsApp/2" without full version
-        assert detect_platform("WhatsApp") == "signal"
-        assert detect_platform("WhatsApp/2") == "signal"
-        assert detect_platform("WhatsApp/2.1") == "signal"  # Only 2-part version
+        # Simplified UA without full version -> whatsapp-lite
+        assert detect_platform("WhatsApp") == "whatsapp-lite"
+        assert detect_platform("WhatsApp/2") == "whatsapp-lite"
+        assert detect_platform("WhatsApp/2.1") == "whatsapp-lite"  # Only 2-part version
 
     def test_detects_facebook(self) -> None:
         """Should detect Facebook."""
@@ -80,49 +80,49 @@ def test_case_insensitive(self) -> None:
         assert detect_platform("twitterbot/1.0") == "twitter"
 
     def test_all_platforms_have_patterns(self) -> None:
-        """Should have 25 platform patterns in dict (whatsapp/signal handled separately)."""
-        # 27 total platforms: 25 in PLATFORM_PATTERNS + whatsapp + signal (special handling)
+        """Should have 25 platform patterns in dict (whatsapp variants handled separately)."""
+        # 27 total platforms: 25 in PLATFORM_PATTERNS + whatsapp + whatsapp-lite (special handling)
         assert len(PLATFORM_PATTERNS) == 25
 
 
-class TestWhatsAppSignalDetection:
-    """Tests for WhatsApp vs Signal detection logic."""
+class TestWhatsAppVariantDetection:
+    """Tests for WhatsApp variant detection (real vs spoofed)."""
 
     def test_real_whatsapp_ios(self) -> None:
         """Real WhatsApp iOS should return 'whatsapp'."""
-        assert _detect_whatsapp_or_signal("WhatsApp/2.23.18.78 i") == "whatsapp"
+        assert _detect_whatsapp_variant("WhatsApp/2.23.18.78 i") == "whatsapp"
 
     def test_real_whatsapp_android(self) -> None:
         """Real WhatsApp Android should return 'whatsapp'."""
-        assert _detect_whatsapp_or_signal("WhatsApp/2.21.22.23 A") == "whatsapp"
+        assert _detect_whatsapp_variant("WhatsApp/2.21.22.23 A") == "whatsapp"
 
     def test_real_whatsapp_cfnetwork(self) -> None:
         """Real WhatsApp with CFNetwork should return 'whatsapp'."""
-        assert _detect_whatsapp_or_signal("WhatsApp/2.18.31.32 CFNetwork/894 Darwin/17.4.0") == "whatsapp"
+        assert _detect_whatsapp_variant("WhatsApp/2.18.31.32 CFNetwork/894 Darwin/17.4.0") == "whatsapp"
 
-    def test_signal_simple(self) -> None:
-        """Signal's simple WhatsApp UA should return 'signal'."""
-        assert _detect_whatsapp_or_signal("WhatsApp") == "signal"
+    def test_spoofed_simple(self) -> None:
+        """Simplified WhatsApp UA should return 'whatsapp-lite'."""
+        assert _detect_whatsapp_variant("WhatsApp") == "whatsapp-lite"
 
-    def test_signal_with_major_version(self) -> None:
-        """Signal's WhatsApp/2 should return 'signal'."""
-        assert _detect_whatsapp_or_signal("WhatsApp/2") == "signal"
+    def test_spoofed_with_major_version(self) -> None:
+        """WhatsApp/2 (no full version) should return 'whatsapp-lite'."""
+        assert _detect_whatsapp_variant("WhatsApp/2") == "whatsapp-lite"
 
-    def test_signal_with_two_part_version(self) -> None:
-        """Signal's WhatsApp/2.1 (only 2 parts) should return 'signal'."""
-        assert _detect_whatsapp_or_signal("WhatsApp/2.1") == "signal"
+    def test_spoofed_with_two_part_version(self) -> None:
+        """WhatsApp/2.1 (only 2 parts) should return 'whatsapp-lite'."""
+        assert _detect_whatsapp_variant("WhatsApp/2.1") == "whatsapp-lite"
 
     def test_non_whatsapp_returns_none(self) -> None:
         """Non-WhatsApp User-Agent should return None."""
-        assert _detect_whatsapp_or_signal("Twitterbot/1.0") is None
-        assert _detect_whatsapp_or_signal("Mozilla/5.0") is None
-        assert _detect_whatsapp_or_signal("") is None
+        assert _detect_whatsapp_variant("Twitterbot/1.0") is None
+        assert _detect_whatsapp_variant("Mozilla/5.0") is None
+        assert _detect_whatsapp_variant("") is None
 
     def test_case_insensitive(self) -> None:
         """Should handle case-insensitive matching."""
-        assert _detect_whatsapp_or_signal("WHATSAPP/2.23.18.78") == "whatsapp"
-        assert _detect_whatsapp_or_signal("whatsapp/2.23.18.78") == "whatsapp"
-        assert _detect_whatsapp_or_signal("WHATSAPP") == "signal"
+        assert _detect_whatsapp_variant("WHATSAPP/2.23.18.78") == "whatsapp"
+        assert _detect_whatsapp_variant("whatsapp/2.23.18.78") == "whatsapp"
+        assert _detect_whatsapp_variant("WHATSAPP") == "whatsapp-lite"
 
 
 class TestTrackOgImage: