Signal catalog

Web — 600+ signals

12 categories on the web side.

Hardware & platform 45

CPU, GPU, screens, sensors, peripherals.

WebGL extensions & parameters
WebGPU adapter info
Battery, Bluetooth, USB, HID
Touch points, pointer types
Multi-monitor (Window Mgmt API)

OS & locale 28

UA-CH, languages, timezone, formats.

Full UA Client Hints set
Intl date/number format inference
DST behavior
System locale collation

Browser & APIs 110

UA, plugins, MIME, ~200 API presence vector.

Permissions matrix (~30 perms)
JS engine quirks fingerprint
CSS feature support matrix
doNotTrack, GPC

Rendering 60

Canvas, WebGL, audio, codec capabilities.

Canvas text + geometry hash
Audio DynamicsCompressor signature
Media Capabilities API
SVG filter rendering

Fonts & text 35

JSFontList + Local Font Access.

~300 fonts via measurement
Emoji rendering fingerprint
Speech synthesis voices

Storage 18

All web storage surfaces + quotas.

1st/3rd party cookie tests
StorageManager.estimate
IndexedDB / Cache API

Network 22

Connection, WebRTC, RTT, SW state.

WebRTC ICE candidate types
HTTP/2 vs HTTP/3 inference
navigator.connection effectiveType

Permissions 40

State matrix for every Permissions API surface.

geolocation / notifications
camera / mic / persistent-storage
clipboard-read / clipboard-write

Behavioral 95

Mouse, keyboard, scroll, touch, focus.

Keystroke dynamics (dwell, flight)
Mouse curvature distribution
Idle / tab focus cadence

Privacy & anti-detect 55

Tor, Brave, Mullvad, anti-detect tools.

Multilogin / Kameleo / Dolphin
Canvas/audio randomizer detection
Headless Chrome inconsistency triad

Agentic & automation 90

Playwright, Puppeteer, CDP, AI agents.

Computer Use / Operator cadence
browser-use signatures
Token-boundary typing
Kinematic implausibility

Cross-checks 22

Inconsistency between claim and behavior.

UA vs platform tells
Timezone vs IP geo
Screen size vs window

Mobile — 500+ signals

10 categories across iOS & Android.

Device & hardware 70

Model, CPU, RAM, storage, sensors.

Build fingerprint, tags
Sensor enumeration with vendors
Display class (HDR, refresh rate)
Foldables, Stage Manager, DeX

OS state 55

Kernel, bootloader, AVB, SELinux, MDM.

Verified boot key / state
Developer mode, ADB
Mock location, unknown sources
iOS supervised mode

App integrity 75

Signing, repackaging, code injection.

APK / IPA cert chain hash
Resource + dex + native hash diffing
LD_PRELOAD / DYLD_INSERT_LIBRARIES
GOT/PLT integrity

Hooking & instrumentation 60

Frida, Xposed, Magisk, jailbreak tweaks.

Frida gadget + gum thread
Stealth Frida (mmap, JIT)
LSPosed / EdXposed / Cydia Substrate
Magisk denylist / zygisk

Emulation & virtualization 35

Emulators + virtualized app hosts.

QEMU / Genymotion / BlueStacks
VirtualXposed / Parallel Space
Houdini ARM-on-x86
Hypervisor presence (CPUID)

Attestation 15

Platform attestation surfaces.

Play Integrity verdicts
App Attest assertion + chain
Hardware-backed key attestation
StrongBox / Secure Enclave

Network 45

VPN, proxy, MITM, captive portal.

Cert pinning probe
tun/utun interface presence
ARP table anomalies
MAC randomization state

Threat state 80

Screen-share, a11y abuse, overlays, malware IOCs.

AnyDesk / TeamViewer / RustDesk
Malicious a11y service list
Banking trojan package fingerprints
Overlay during sensitive flow

Behavioral & sensors 50

In-hand, gait, sensor tampering.

Accel + gyro + light coherence
Replay-loop / constant-value tells
Step counter monotonicity
Tap pressure distribution

Cross-checks 35

Claim vs reality.

Model claim vs sensor stack
Carrier claim vs network stack
iOS version claim vs API tells

Want to go deeper?

Talk to us about your fraud and integrity goals — we'll show you the signals that matter for your stack.

Talk to us See the platform