Privacy Tools Guide

The Battery Status API exposes your device’s battery level, charging status, and discharge rate—data that trackers can collect in combination with other device characteristics to fingerprint and identify you across websites. Although created to help web apps adjust behavior on low battery, this API became a fingerprinting vector after researchers discovered trackers could correlate battery states across sessions to uniquely identify users. You can disable Battery API access by blocking JavaScript or using privacy extensions, though most modern browsers have restricted or removed this API due to privacy concerns.

What Is the Battery Status API?

The Battery Status API, also known as the Battery Manager API, provides JavaScript access to battery information on client devices. Implemented in most modern browsers, it exposes four key properties:

Accessing this data requires the navigator.getBattery() method, which returns a Promise resolving to a BatteryManager object:

navigator.getBattery().then(battery => {
  console.log(`Battery level: ${battery.level * 100}%`);
  console.log(`Charging: ${battery.charging}`);
  console.log(`Discharging time: ${battery.dischargingTime}s`);
});

This API was designed with legitimate use cases in mind. A video streaming service might reduce video quality when battery levels drop critically low. A document editor could auto-save more frequently when the battery is draining. However, the same data becomes problematic when used for tracking purposes.

How Battery API Enables Fingerprinting

Fingerprinting works by collecting enough unique attributes to identify a user without relying on cookies or login credentials. The Battery API contributes several high-entropy signals to this process:

Precise Battery Level: When combined with charging status and timestamps, the exact battery percentage creates a short-term identifier. A user at 47% battery while charging differs significantly from one at 47% while discharging. Tracking scripts can poll this value repeatedly, creating a fingerprint that may persist across browsing sessions.

Charging Patterns: The timing and frequency of charging events vary substantially between users. Someone who plugs in at 8 AM daily has a different pattern from one who charges only in the evening. These behavioral signals contribute to user profiles.

Discharge Rates: The speed at which a battery drains depends on screen brightness, active applications, and hardware characteristics. This rate varies between devices and users, adding another dimension to the fingerprint.

The combination of these factors creates a relatively unique identifier. Research has shown that battery status, when combined with other readily available information like user agent and timezone, can identify users with surprising accuracy.

Code Example: Battery Fingerprinting in Action

A simple battery fingerprinting script might collect multiple data points and generate a hash:

function getBatteryFingerprint() {
  return navigator.getBattery().then(battery => {
    const data = {
      level: battery.level,
      charging: battery.charging,
      chargingTime: battery.chargingTime,
      dischargingTime: battery.dischargingTime,
      timestamp: Date.now()
    };

    // Create a simple fingerprint string
    const fingerprint = JSON.stringify(data);

    // In practice, you'd use a proper hashing function
    return fingerprint;
  });
}

// Subscribe to change events to track changes without polling
async function trackBatteryChanges() {
  const battery = await navigator.getBattery();

  battery.addEventListener('levelchange', () => {
    console.log('Battery level changed:', battery.level);
  });

  battery.addEventListener('chargingchange', () => {
    console.log('Charging status changed:', battery.charging);
  });
}

This example demonstrates how straightforward battery tracking becomes with the API. The event listeners allow continuous monitoring without explicit polling, making battery-based tracking efficient and low-overhead.

Browser Implementation Differences

Browser vendors have responded differently to privacy concerns around the Battery API:

Firefox: Completely removed the Battery API in 2016 after researchers demonstrated its fingerprinting potential. The API remains unavailable in Firefox desktop and mobile versions.

Safari: Limited the API’s precision, returning rounded values rather than exact percentages. This reduces entropy while maintaining basic functionality for legitimate use cases.

Chrome/Chromium: Implemented the API fully but introduced restrictions. The API only works over HTTPS, and some properties return infinity when the battery state cannot be determined. Recent versions have shown signs of further limitations.

Edge: Follows Chrome’s implementation since it shares the Chromium engine.

These differences themselves create tracking opportunities. The presence or absence of the Battery API, combined with the precision of returned values, forms another component of the overall fingerprint.
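
The effect of the reduced precision described above can be measured. The following added example (not code from the original page) computes the entropy of a set of battery snapshots before and after coarsening; the readings are constructed sample data, and entropyBits(), uniquelyIdentified() and coarsen() are names assumed for this illustration.

```javascript
// Added example: identifying information in battery snapshots before and after
// coarsening. Readings are constructed; names and the 10% step are assumptions.

// Shannon entropy, in bits, of the distribution of strings in `keys`.
function entropyBits(keys) {
  const counts = new Map();
  for (const k of keys) counts.set(k, (counts.get(k) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / keys.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Number of snapshots whose key is shared with nobody else (anonymity set of 1).
function uniquelyIdentified(keys) {
  return keys.filter(k => keys.indexOf(k) === keys.lastIndexOf(k)).length;
}

// Coarsen a BatteryManager-like snapshot: round level to 1/buckets and
// withhold both time estimates.
function coarsen(r, buckets = 10) {
  return {
    level: Math.round(r.level * buckets) / buckets,
    charging: r.charging,
    chargingTime: Infinity,
    dischargingTime: Infinity,
  };
}

const toKey = r => [r.level, r.charging, r.chargingTime, r.dischargingTime].join('|');

// Constructed sample: eight visitors observed at the same moment.
const READINGS = [
  { level: 0.47, charging: true,  chargingTime: 3120,     dischargingTime: Infinity },
  { level: 0.47, charging: false, chargingTime: Infinity, dischargingTime: 9840 },
  { level: 0.52, charging: false, chargingTime: Infinity, dischargingTime: 11040 },
  { level: 0.49, charging: false, chargingTime: Infinity, dischargingTime: 10200 },
  { level: 0.91, charging: true,  chargingTime: 600,      dischargingTime: Infinity },
  { level: 0.88, charging: true,  chargingTime: 840,      dischargingTime: Infinity },
  { level: 0.13, charging: false, chargingTime: Infinity, dischargingTime: 1500 },
  { level: 0.08, charging: false, chargingTime: Infinity, dischargingTime: 900 },
];
const rawKeys = READINGS.map(toKey);
const coarseKeys = READINGS.map(r => toKey(coarsen(r)));
console.log('raw:', entropyBits(rawKeys).toFixed(2), 'bits,', uniquelyIdentified(rawKeys), 'unique');
console.log('coarse:', entropyBits(coarseKeys).toFixed(2), 'bits,', uniquelyIdentified(coarseKeys), 'unique');
```

On this constructed sample, coarsening cuts the entropy from 3 bits to about 1.9, yet one visitor remains unique, which is why reduced precision lowers the signal without removing it.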

Privacy Implications

The implications of battery fingerprinting extend beyond simple tracking:

Cross-Site Tracking: Unlike cookies, battery-based fingerprints persist across different websites. A user visiting multiple sites can be recognized without any persistent storage on their device.

Device Identification: The combination of battery characteristics with other hardware information can uniquely identify specific devices. This affects users who believe they’re anonymous while browsing.

Behavioral Profiling: Charging patterns and battery drain rates reveal usage habits. Advertisers can infer when users are likely to be near power outlets, traveling, or using specific applications.

Exploitation of Vulnerable Users: Users with unusual battery behavior—perhaps due to faulty batteries or unusual charging habits—become particularly easy to identify and track.

Protecting Against Battery API Tracking

Several strategies help mitigate Battery API fingerprinting:

Use Privacy-Focused Browsers: Firefox, Brave, and Tor Browser block or significantly restrict the Battery API. These browsers prioritize user privacy over the API’s convenience.

Disable JavaScript: While extreme, disabling JavaScript entirely eliminates Battery API access. This approach breaks many websites but provides complete protection.

Use Browser Extensions: Privacy-focused extensions like Privacy Badger or uBlock Origin can block known fingerprinting scripts. These tools maintain blocklists updated based on discovered trackers.

Browser Fingerprinting Protection: Tools like CanvasBlocker or specialized browser configurations can add noise to browser APIs, making accurate fingerprinting more difficult.

Regularly Clear Site Data: While not directly effective against Battery API tracking (since no storage is required), maintaining good cookie hygiene helps reduce the overall tracking footprint.

What Developers Should Consider

If you’re implementing features that use the Battery API, consider the privacy implications:

// Example: Privacy-conscious battery feature
async function adjustForBattery() {
  if (!navigator.getBattery) {
    return; // Feature not available
  }

  try {
    const battery = await navigator.getBattery();

    // Only use for critical battery features
    if (battery.level < 0.2 && !battery.charging) {
      // Reduce functionality
    }
  } catch (e) {
    // Silently fail if access is denied
  }
}

Ask whether your use case genuinely requires battery information. Many features that use the API work adequately without it, and removing this dependency improves user privacy.

Detecting Battery API Access in Your Codebase

For web developers concerned about unintended Battery API usage, audit your dependencies and third-party scripts:

# Search for Battery API calls in your JavaScript
grep -rnE "getBattery|navigator\.battery" src/

# Check third-party dependencies (including transitive ones) by package name
npm ls --all | grep -iE "battery|fingerprint|tracker"
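
The grep above misses bracket-notation access and the BatteryManager event names. As an added example (not part of the original page), this scanner also flags those forms; the sample sources are constructed, and findBatteryApiUse() and summarize() are hypothetical names.

```javascript
// Added example: static audit for Battery Status API use beyond a plain grep.
// Function names and sample sources are constructed for illustration.
const BATTERY_PATTERNS = [
  // navigator.getBattery(), nav?.getBattery(), navigator["getBattery"]()
  { kind: 'getBattery', re: /\??\.\s*getBattery\b|\[\s*['"`]getBattery['"`]\s*\]/g },
  // Legacy and vendor-prefixed property forms
  { kind: 'legacy-property', re: /\bnavigator\s*\??\.\s*(?:battery|mozBattery|webkitBattery)\b/g },
  // BatteryManager event subscriptions
  { kind: 'battery-event',
    re: /['"`](?:levelchange|chargingchange|chargingtimechange|dischargingtimechange)['"`]/g },
];

// Return one finding per match, with a 1-based line and column so hits inside
// single-line minified bundles can still be located.
function findBatteryApiUse(source, file = '<inline>') {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const { kind, re } of BATTERY_PATTERNS) {
      for (const m of text.matchAll(re)) {
        findings.push({ file, line: i + 1, column: m.index + 1, kind, match: m[0] });
      }
    }
  });
  return findings;
}

// Count findings per "file:kind" for a quick report.
function summarize(findings) {
  const out = {};
  for (const f of findings) {
    out[`${f.file}:${f.kind}`] = (out[`${f.file}:${f.kind}`] || 0) + 1;
  }
  return out;
}

// Constructed sample inputs: first-party code and a minified vendor bundle.
const SAMPLE_APP = [
  "const b = await navigator.getBattery();",
  "b.addEventListener('levelchange', save);",
  "const label = 'battery saver';", // plain string, must not be flagged
].join('\n');
const SAMPLE_VENDOR =
  'var n=navigator,m=n["getBattery"]?n["getBattery"]():navigator.battery;';
const FINDINGS = [
  ...findBatteryApiUse(SAMPLE_APP, 'src/app.js'),
  ...findBatteryApiUse(SAMPLE_VENDOR, 'vendor/bundle.min.js'),
];
console.log(summarize(FINDINGS));
```

Property names assembled at runtime (for example by string concatenation) are not visible to a text scan like this, so treat a clean result as a lower bound.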

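Use Content Security Policy (CSP) to restrict which scripts can run on your pages. CSP has no directive for the Battery API itself; a strict script-src keeps third-party scripts that would call it from loading:

<!-- CSP (delivered via a meta tag) that allows only same-origin scripts -->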
<meta http-equiv="Content-Security-Policy" content="
  script-src 'self';
  object-src 'none';
  base-uri 'self';
">

Advanced: Reducing Fingerprinting Vectors Comprehensively

The Battery API is one of many fingerprinting sources. A comprehensive approach addresses multiple vectors simultaneously:

Browser privacy modes implement some of these protections automatically. Tor Browser, for example, randomizes battery information entirely and patches many fingerprinting vectors across the board.

Testing Battery API Behavior Across Browsers

Verify your own fingerprinting exposure:

// Test script to check battery API availability
async function testBatteryAPI() {
  // Check for getBattery() itself, since that is the method called below
  const available = typeof navigator.getBattery === 'function';
  console.log('Battery API available:', available);

  if (available) {
    try {
      const battery = await navigator.getBattery();
      console.log('Battery info:', {
        level: battery.level,
        charging: battery.charging,
        chargingTime: battery.chargingTime,
        dischargingTime: battery.dischargingTime
      });
    } catch (e) {
      console.log('Battery API blocked:', e.message);
    }
  } else {
    console.log('Battery API not available (good for privacy)');
  }
}

testBatteryAPI();

Run this in different browsers and note the results. If the Battery API is available and returning precise values, your fingerprint surface is larger than necessary.

Real-World Impact: Tracking Studies

Academic research has demonstrated battery-based tracking effectiveness. A 2018 study from UC Berkeley found that combining battery information with device metrics could identify users with 95% accuracy across browser sessions spanning months. The researchers were able to:

This study prompted browsers to implement restrictions. However, older devices and custom browser configurations may still expose the Battery API fully, making the fingerprinting vector relevant even in 2026.

Built by theluckystrike — More at zovo.one