A "WhatsApp tracker" is any tool that claims to monitor a person's WhatsApp activity from the outside, and DB Center's WhatsApp tracker page is one example of the online-status type. The phrase covers a wide range of products, from simple websites that log when a contact comes online to full spyware suites that promise to mirror an entire phone. Understanding the mechanics behind each clears up most of the confusion, and it also explains why the cheap, freely advertised ones rarely do what their marketing suggests.
The important thing to grasp early is that none of these tools break WhatsApp's encryption. WhatsApp uses end-to-end encryption on messages and calls, which means the content is scrambled between the two devices and cannot be read in transit, not by the network, not by WhatsApp itself, and not by a tracker sitting somewhere in the middle. Anything a tracker claims to capture comes from a different angle entirely.
Online-Status Trackers: Automated Watching
The most common and least sophisticated category simply watches a contact's online and "last seen" status. WhatsApp normally shows when a person is online, and when they were last active, unless that person has switched off the relevant privacy settings.
A status tracker automates the checking you could do by hand. Rather than you opening the chat every few minutes to see whether the green dot is showing, the tool polls that status in the background every few seconds. Each time the contact appears online or drops offline, it records a timestamp. After a day or two it stitches those timestamps into a timeline that looks remarkably detailed — "online at 9:14, offline at 9:31, online again at 11:02" — and presents it as if it has uncovered something private.
It has not. Every entry in that log is a status the contact left publicly visible. The tracker added persistence and scale, nothing more. This is why the same tool returns a blank, useless report against anyone who has tightened their privacy settings: there is no public signal left to record.
Device-Level Spyware: The Invasive Category
The second category is far more serious and is what most people imagine when they hear "spy app." These tools claim to read messages, see media, log calls, and track location. Because they cannot decrypt WhatsApp traffic, they work by compromising the device itself.
There are two usual routes. The first is software installed directly on the target phone, which captures the screen, reads notifications as they arrive, or logs keystrokes before encryption ever applies. Installing this requires physical access to the unlocked phone. The second route hijacks a WhatsApp Web or linked-device session, where the attacker tricks the victim into scanning a QR code that quietly mirrors their account to another screen.
Neither is a clever exploit of WhatsApp. Both are ordinary device compromise dressed up as a product feature, and both depend on either getting hold of the phone or deceiving the owner into helping. That dependency is also their legal weakness, as covered below.
The Legitimate Exceptions
There are narrow situations the law treats differently, and they share one feature: consent or guardianship. A parent supervising the device of their own minor child is acting within recognised guardianship. An employer monitoring a company-owned device, where the employee has given informed written consent and knows the monitoring is in place, is operating with permission.
In both cases the monitoring is not secret and not directed at an unconsenting adult. Strip away the consent or the guardianship and the same activity becomes something else entirely.
Is It Legal in Pakistan? The PECA 2016 Position
For tracking another adult without their knowledge or consent, the position in Pakistan is fairly clear and not favourable to the person doing the tracking.
The Prevention of Electronic Crimes Act (PECA) 2016 criminalises unauthorised access to data and information systems, and unauthorised interception. Secretly monitoring another adult's WhatsApp activity without their knowledge sits squarely in that territory. Depending on what is captured, it can also amount to a breach of privacy, and where the conduct involves following, contacting, or watching a person in a way that causes alarm, it can fall under the Act's cyberstalking and harassment provisions.
Installing spyware on someone else's phone is an offence in its own right, separate from whatever you do with the data afterward. The act of compromising the device is enough. And the easy availability of these apps changes nothing — the fact that a tool can be downloaded freely does not make deploying it against another person lawful. Complaints of this kind are handled by the FIA's Cybercrime Wing, and the evidence trail usually points straight back at the person who installed the tool.
The Practical Takeaway
The harmless-looking status trackers are mostly logging information the target chose to make visible, so the real answer to them is defensive: the person being watched can switch their last-seen and online visibility to "Nobody" or "My Contacts" in WhatsApp's privacy settings, and the logging stops working overnight. The invasive trackers cross a clear legal line in Pakistan, and the legal risk sits entirely with the person who deploys them, not with the person they targeted.