HACKER Q&A
📣 lbj

Is Signal.org using WhatsApp code?


Earlier today I needed to get into an Instagram account. The owner went to the login screen and clicked the "Get link to login" button and promptly received an email with the special link.

This link was copy/pasted into a Signal chat with me, and instantly another email arrived "New login to your account: WhatsApp Spider ".

Nearby to the sender the is. Is the prefetch showing up as WhatsApp? If so, why?

  👤 jepler Accepted Answer ✓
Interesting. I entered a URL into Signal in 'note to self' (didn't send) and in my access log I saw

    162.210.7.8 - - [20/Jul/2022:16:40:18 -0500] "GET / HTTP/1.1" 200 15336 "-" "WhatsApp/2"
of course, anyone can send any user agent they like. Maybe signal is doing this for better compatibility. I did a quick search in the open source of signal-android and found this: https://github.com/signalapp/Signal-Android/blob/e22ddb8f96f...

  public LinkPreviewRepository() {
    this.client = new OkHttpClient.Builder()
                                  .cache(null)
                                  .addInterceptor(new UserAgentInterceptor("WhatsApp/2"))
                                  .build();
      }
so yes the client app generates a preview of an entered URL by making requests with the user agent WhatsApp/2.