A privilege HTML5 allows developers check your battery status when you visit their websites

 

This privilege can be used to track you online without your permission. 

 

Battery status helps developers to make their websites more functionality for users, for example, a website may not auto start playing videos if your mobile battery is low, or to send a light page to save your battery.

 

Battery status API allows developers to check your:

 

Battery status (charging or not)

Battery percentage (charged 70%)

Discharging time.

 

Those check functions can be combined to make over 15 million keys, one of the keys will represent your Identity on the internet. 

 

Scenario

 

Lets say you are browsing Facebook.com, you read a post and want to leave a comment anonymously, so you deleted your browser cookies , used incognito browser, used VPN . and then browse back FAcebook logged in with fake account and left a comment. 

 

In the above scenario you ID wont be hidden and Facebook will know you. how is that?!

 

Simply, when you used Facebook from the begging, Facebook tacked your battery status and generate a unique key for your identity, Your identity will be saved on Facebook servers. 

Once you logged back again with any account, Facebook will generate new Identity and search if there is account belongs to that Identity, by though your fake id is exposed to Facebook and you are not anonynouse any more.   

 

Live Demonstration 

 

I developed this API where you can test if website owners can track you or not. most Android users are trackable. 

 

From your smart phone browser open this link :  https://khalil-shreateh.com/Applications/Mobile_Battery_Security/battery.php

 

If you got information about your mobile charging and battery percentage, this means you could be tracked online.

You can also plug or unplug your charger to see the change of the values.