
ZeroTrace AirLeak

Single Device View

Reading every detail AirLeak knows about one device

Tap any row in the Live list and AirLeak opens that device's detail page: everything the unit has learned about that device, organized into compact sections.


What you'll find on the page

The page is laid out top-to-bottom with the most important info first:

  1. Header card: icon, friendly name, MAC, class badge, score gauge
  2. KPI strip: first-seen, observation count, best signal
  3. Live signal: RSSI history plus current/avg/best/worst/TX/distance/rate
  4. Identifiers: fingerprint, OS major, BLE flags, appearance, vendor, company ID
  5. Optional sections: only appear when applicable (Battery, Apple state, Find My)
  6. Service UUIDs: collapsible chip list
  7. Why this class?: breakdown of how the device got its class

The header card

Three things to glance at:

  • Icon + name: class icon plus the device's friendly name (or Unknown <class> fallback)
  • Class badge: the classifier's verdict with confidence; iPhone (94) means 94 % confident
  • Score gauge: visual indicator of the leakage score

The KPI strip

Three numbers always visible:

  • First seen: relative time since first observation
  • Observation count: total events
  • Best RSSI: strongest signal ever observed

A 2-hour-old device with 1247 observations and a best RSSI of -54 has been close, repeatedly. A 5-second-old device with 2 observations and a best RSSI of -91 just walked past once at the edge of range.


Live signal section

A small chart of the last 60 RSSI samples, about 60 seconds of history at typical capture rates. Watch this while moving the device or yourself: you'll see signal fluctuation, walls attenuating, and approach / depart patterns.

Six numbers below the chart:

Metric     Description
Cur        Current RSSI
Avg        Average over last 60 samples
Best       Strongest RSSI ever seen
Worst      Weakest RSSI ever seen
TX         Device's transmit power (when broadcast)
Rate       Observations per second over the last minute
Distance   Estimated meters, from RSSI + TX

Distance is approximate: RSSI is noisy and surroundings affect it. Treat ±50 % as the typical confidence.


Identifiers

Every stable identifier extracted for this device:

  • Fingerprint: a stable hash combining payload-stable BLE fields (used for tracking across MAC rotation)
  • OS major: for Apple devices that broadcast it (iOS 17, iOS 18)
  • BLE flags: discoverability flags
  • Appearance: GAP appearance code with interpretation, e.g. 1344 (Phone)
  • Vendor: manufacturer name from MAC OUI
  • Company ID: Bluetooth SIG company identifier

Empty fields are hidden; only what AirLeak has actually observed shows up.


Optional sections (only when relevant)

Battery (AirPods, Beats, AirTags, wearables)

For AirPods you'll see:

Left:    80%  ⚡ (charging)
Right:   80%
Case:    75%

For AirTags: a battery-level class. For headphones with a battery service: a single percentage.

Find My (for trackers / Find My accessories)

  • Separated-from-owner state
  • Unwanted-tracking-protection (UTP) flag
  • Public-key prefix
  • Battery level

Apple state (for iPhones / iPads / Macs)

  • Last action: screen_on
  • Lock state
  • OS major version
  • Handoff sequence number

The action is one of the most engaging things to watch: you can see when someone's nearby Apple device changes state in real time.


Service UUIDs

A collapsible chip list of every service the device has advertised. Each chip shows the UUID, with a well-known short name when one matches, e.g. 0x180F (Battery), 0xFD9F (Tile), 0xFEE7 (Tuya).
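
The Identifiers and Service UUIDs sections list fields that a device exposes in its raw BLE advertisement. As an added example (not AirLeak's own code), this Python parser walks the length/type/value AD structures of one payload and pulls out flags, 16-bit service UUIDs, TX power, appearance and company ID; the function names `parse_adv` and `chip_label` and the sample payload are assumptions made up for illustration.

```python
import struct

# Short names taken from the examples on this page.
KNOWN_SERVICES = {0x180F: "Battery", 0xFD9F: "Tile", 0xFEE7: "Tuya"}

# Bluetooth SIG AD type codes handled here.
AD_FLAGS, AD_UUID16_INCOMPLETE, AD_UUID16_COMPLETE = 0x01, 0x02, 0x03
AD_TX_POWER, AD_APPEARANCE, AD_MANUFACTURER = 0x0A, 0x19, 0xFF

def parse_adv(payload: bytes) -> dict:
    """Walk length/type/value AD structures and collect identifier fields."""
    out = {"service_uuids": []}
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:                      # zero length marks padding: stop
            break
        if i + 1 + length > len(payload):    # truncated structure: keep what parsed
            out["truncated"] = True
            break
        ad_type = payload[i + 1]
        data = payload[i + 2 : i + 1 + length]
        if ad_type == AD_FLAGS and len(data) >= 1:
            out["flags"] = data[0]
        elif ad_type in (AD_UUID16_INCOMPLETE, AD_UUID16_COMPLETE):
            # 16-bit UUIDs are little-endian; ignore a dangling odd byte
            for (uuid,) in struct.iter_unpack("<H", data[: len(data) & ~1]):
                out["service_uuids"].append(uuid)
        elif ad_type == AD_TX_POWER and len(data) >= 1:
            out["tx_power_dbm"] = struct.unpack("b", data[:1])[0]   # signed dBm
        elif ad_type == AD_APPEARANCE and len(data) >= 2:
            out["appearance"] = struct.unpack("<H", data[:2])[0]
        elif ad_type == AD_MANUFACTURER and len(data) >= 2:
            out["company_id"] = struct.unpack("<H", data[:2])[0]
        i += 1 + length
    return out

def chip_label(uuid: int) -> str:
    """Render a 16-bit UUID in the chip style shown on this page."""
    name = KNOWN_SERVICES.get(uuid)
    return f"0x{uuid:04X} ({name})" if name else f"0x{uuid:04X}"

# Constructed sample: flags 0x06, services 0x180F and 0xFD9F, TX power -8 dBm,
# manufacturer data with company ID 0x004C (Apple) and two payload bytes.
SAMPLE = bytes.fromhex("020106" "05030f189ffd" "020af8" "05ff4c001005")

if __name__ == "__main__":
    print(parse_adv(SAMPLE))
```

Every field this returns is broadcast in the clear, which is why fields like these can be combined into a fingerprint that survives MAC rotation.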


Why this class?

The classifier's audit trail. Every signal that voted for the current classification, with score contributions:

apple_continuity_nearby_info  ×4    +40
name_contains_iphone                +15
apple_continuity_airdrop            +5
service_uuid_match                  +5
ios_version_bonus                   +5
─────────────────────────────────
Total                               70

If the classification ever surprises you, this section explains why. It's the most useful debugging view in the app.


Real-time updates

While the page is open and the device is being observed:

  • The RSSI history updates with new samples
  • The Apple action / lock state updates as the device broadcasts
  • Battery values update as the device reports
  • The leakage score and Why-class breakdown update as new signals accumulate

The page reflects the live capture stream; no manual refresh is needed.


The fastest way to learn AirLeak

Open Live, tap your own iPhone, then walk around the room. Watch the RSSI history and the Apple action change in real time. Within a few minutes you'll have a strong intuition for what every signal means.