The ICSI Haystack Project



Privacy Policy and Requested App Permissions


[ Privacy Policy ]


The ICSI Haystack app has been developed by researchers at the University of California and at the International Computer Science Institute (ICSI) in Berkeley, USA. Our goal is to better understand the mobile app ecosystem and its impact on user security and privacy, while also helping individual users understand which organizations and apps collect personal information from their devices.


By installing and running Haystack, you will contribute to a research project that aims to better understand this ecosystem and, in turn, to improve mobile app security and respect for privacy. For this we thank you! For our research efforts, we collect information about your apps' behavior, the type of information the apps leak, and the organization collecting this information: WE DO NOT COLLECT ANY INFORMATION ABOUT YOU OR YOUR DEVICE. A more precise description of the data collected for research purposes is given in the Data Collection section below.


[ App Permissions ]

Haystack requires several sensitive permissions in order to search for private data in your apps' traffic. Many apps may leak your recent phone calls, your text messages, your location, and even your contacts. Haystack therefore needs permission to read this same information so that it knows what values to look for in the traffic.


Below, we explain the purpose for each permission.



Retrieve running apps:

This permission allows Haystack to identify the application responsible for a given flow and to obtain its associated metadata (e.g., app name, package name and app icon) and the permissions it requests.


Find accounts on the device:

This permission allows Haystack to identify apps that leak any of the accounts configured on your device.


Read contacts:

This permission allows Haystack to see whether any of your apps uploads your contact list to a remote server. Because contact names are often short, common strings, matching them in traffic can cause false positives in the identification of privacy leaks.


Approximate and Precise location (network-based and GPS-based):

This permission allows Haystack to know your location so it can see whether any of your apps reports it to an online server.


Read your text messages (SMS or MMS):

This permission allows Haystack to see whether any of your apps leaks your text messages.


Read phone status and identity:

This permission allows Haystack to obtain values such as the IMEI, one of the unique identifiers most commonly requested by mobile apps for tracking purposes. It also allows Haystack to know the state of your connectivity so it can recover after periods of disconnection or failures.


Read/Modify or delete the contents of your USB storage:

This permission allows Haystack to save information on your SD card. It does not read any information from it. In future releases, we will also use it to let you store Haystack logs and connection reports on your SD card for further inspection.


View Wi-Fi connections and connect and disconnect from Wi-Fi:

This permission allows Haystack to identify whether apps leak Wi-Fi-related information such as your network SSID. It also allows Haystack to know the state of your connectivity so it can recover after periods of disconnection or failures. Moreover, it allows Haystack to identify more subtle leaks: Haystack scans for neighboring Wi-Fi access points (SSIDs and MAC addresses) to detect apps that leak your approximate location indirectly, by reporting the access points around you rather than GPS coordinates.


Full network access:

Like any networking application, Haystack needs to access the Internet.


View network connections and change network connectivity:

Haystack also requires the BIND_VPN_SERVICE permission (Android's VpnService) in order to intercept and analyze your traffic locally on the device, without sending it to any remote server.


Please do not hesitate to get in touch with us if you have any concerns. If you want to know more about the technical details of ICSI Haystack, please read our paper.


[Data Collection ]


1. We collect anonymized flow-level information (e.g., destination IP, destination port, transport-layer protocol, application-layer protocol and FQDN, if any) and the application responsible for each flow. The data is aggregated and anonymized so that individual users cannot be tracked in our dataset. Our objective is to analyze apps, not user behavior.


2. TLS Client Hello messages and the application responsible for each TLS session. This allows us to analyze how mobile apps use TLS in the real world.


3. The type of each identified privacy leak (e.g., IMEI or CONTACT), but not the leaked value itself, together with the application causing the leak and the organization collecting the information.


4. For apps causing privacy leaks, we also collect the app version and the full list of permissions they request.
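As an added illustration, not code from Haystack itself, the following Python sketch shows the kind of detection the permission list describes and the shape of the record that items 1 and 3 above allow: the identifiers the app can read (IMEI, contacts, location, SSID, account) are searched for in a flow's payload, including common encoded and hashed forms, and the report records only the leak type, the app and the destination, never the matched value. The identifiers, app names, hostnames and HTTP bodies below are all constructed for the example; the minimum-length filter is our own choice to avoid the contact-name false positives mentioned above.

```python
import hashlib
import urllib.parse
from dataclasses import dataclass

# Constructed sample identifiers standing in for what the permissions above
# let the app read. These are assumed values, not real device data.
DEVICE_PII = {
    "IMEI": ["356938035643809"],
    "CONTACT": ["Ada Lovelace", "Bob"],   # "Bob" is too short to match safely
    "LOCATION": ["37.8716,-122.2727"],    # lat,lon as an app might send it
    "SSID": ["ICSI-Guest"],
    "ACCOUNT": ["alice@example.com"],
}

# Identifiers shorter than this are skipped: a three-letter contact name
# shows up in ordinary HTTP traffic and would produce false positives.
MIN_MATCH_LEN = 6


@dataclass(frozen=True)
class LeakReport:
    """What gets recorded: leak type, app and destination. No leaked value."""
    app: str
    leak_type: str
    fqdn: str


def encoded_forms(value):
    """Forms of an identifier an app may transmit instead of the raw value."""
    yield value
    yield urllib.parse.quote(value, safe="")
    for algo in ("md5", "sha1", "sha256"):
        yield hashlib.new(algo, value.encode()).hexdigest()


def scan_flow(app, fqdn, payload, pii=DEVICE_PII):
    """Return one LeakReport per identifier type found in the flow payload."""
    text = payload.decode("utf-8", errors="replace").lower()
    reports = []
    for leak_type, values in pii.items():
        for value in values:
            if len(value) < MIN_MATCH_LEN:
                continue  # false-positive guard for short contact names
            if any(form.lower() in text for form in encoded_forms(value)):
                reports.append(LeakReport(app, leak_type, fqdn))
                break  # report the type once per flow; the value is discarded
    return reports


# Constructed HTTP requests: FLOW_A leaks the IMEI and URL-encoded location in
# clear text; FLOW_B leaks an MD5 of the IMEI plus the current Wi-Fi SSID.
FLOW_A = (b"POST /track HTTP/1.1\r\nHost: analytics.example\r\n\r\n"
          b"device_id=356938035643809&loc=37.8716%2C-122.2727&name=Bob")
FLOW_B = (b"GET /ads?uid=" + hashlib.md5(b"356938035643809").hexdigest().encode()
          + b" HTTP/1.1\r\nHost: ads.example\r\nX-Net: ICSI-Guest\r\n\r\n")


if __name__ == "__main__":
    for fqdn, flow in (("analytics.example", FLOW_A), ("ads.example", FLOW_B)):
        for r in scan_flow("com.example.game", fqdn, flow):
            print(r)
```

Note that a real deployment would have to decode the traffic first (for TLS sessions this means a local interception point such as the VpnService-based one described above), and that hashed identifiers can only be recognized when the hash input is the bare value; salted or truncated hashes are not caught by this approach.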



As you can see, we only collect anonymized data about your apps' activity, and we send it to our servers over encrypted connections for our research efforts. The uploaded data remains completely anonymous and conforms to a protocol reviewed by the UC Berkeley / ICSI Institutional Review Board (IRB). We also follow the Networked Systems Ethics guidelines to avoid any unnecessary risk to your privacy and security. We DO NOT COLLECT ANY PERSONAL INFORMATION ABOUT YOU OR ABOUT YOUR DEVICE. Please do not hesitate to contact us if you have any questions or concerns.