The ICSI Haystack Project

The ICSI Haystack app is available on:

Direct download

[ About ]

The ICSI Haystack

A Tool to Stay in Control of Your Personal Information

Your phone hosts a rich array of information about you and your activities, which we'll refer to as Private Data (PD). This includes a range of identifiers that can enable sites to track you, as well as data about your location. Some mobile apps require the information to provide useful functios of the app, or to adapt content to your device. For example, a Maps application of course needs to know your exact location. But in other cases, apps may collect privacy-sensitive information and share it with third parties such as ad networks and analytics services without your consent. The ICSI Haystack app analyzes your mobile traffic and helps you to identify which apps leak information about you, where your apps connect to, which protocols they use and informs you about the organizations collecting this information.

Find Online Trackers

The ICSI Haystack helps you to identify mobile applications leaking your privacy-sensitive data and third party organizations collecting it. Check our interactive panopticon to see how mobile apps connect to third-party tracking services!


The ICSI Haystack identifies apps leaking privacy-sensitive information over encrypted traffic in real-time.

Keep control of your data

The ICSI Haystack runs completely in your phone with little impact on your user experience. It does not forward your traffic or your personal information anywhere, so it does not compromise your privacy.

Be part of a research study!

The ICSI Haystack app comes from a research team at ICSI-UC Berkeley. By installing Haystack, you actively contribute to ongoin research efforts aiming to illuminate unknown aspects of the mobile ecosystem.

[ features ]

Easy to Use

Finding out how your apps behave in the networks and how they extract or leak your personal information is as simple as clicking the start button and letting Haystack run! For security purposes, Android will inform you that your traffic will be intercepted, asking you for permission to continue. You may need to also install an additional TLS certificate to enable intercepting TLS traffic. If you miss it during installation time, don't worry! You can re-install it any time from the app settings. We strongly recommend reading in its entirety the tutorial shown the first time you run the app.

Learn About Your Mobile Apps

Most likely, very soon after turning on the VPN interface you will quickly learn interesting facts about the apps that you run on your phone. You can use the ICSI Haystack tool to understand the network protocols used by your apps, where they connect to, which data they share with third parties and even how much traffic they waste for advertising so you can decide whether to uninstall those that strike you as too intrusive. Not all devices provide the features required by Haystack to operate. If after a few minutes you observe that the ICSI Haystack does not identify any privacy leaks, read our FAQ and feel free to get in touch with us.

Detailed Reports

Apps may sometimes leak information to not only their own servers but also to online advertising networks or other online tracking services that monetize your metadata. The ICSI Haystack Android app analyzes your mobile traffic and generates reports about the traffic patterns and the private data collected by each application. Haystack aims to help you to understand many dynamics that may remain unknown for you, how apps may connect to third parties that monetize your personal information and why staying in control of your apps is important for you.

Illuminating App Behavior

A typical user thinks that when running an app, only the app developer may collect their personal information. However, nearly 70% of Android apps leak personal data to third-party services such as analytics services and ad networks. In addition to the features provided by the ICSI Haystack app, you can play with our interactive ICSI panopticon tool to better understand the whole mobile ecosystem and how apps use third-party online trackers. You can contribute to our research efforts by installing and running our Haystack app. Remember that we do not collect any personal information about you!

[ Papers ]

Haystack: In Situ Mobile Traffic Analysis in User Space

Abbas Razaghpanah, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Christian Kreibich, Phillipa Gill, Mark Allman, Vern Paxson

arXiv, 2015

[ FAQ ]

What data do you collect for your research studies?

Why does the ICSI Haystack tool need so many permissions?

How much data does Haystack take from my data plan?

Why Haystack does not identify any leak on my phone?

How can I uninstall the root certificate for TLS interception?

Get in touch with us!

[ team ]