Haystack: A Multi-Purpose Mobile Vantage Point in User Space

TL;DR

Haystack is a novel Android-based platform that uses the VPN API to monitor mobile network traffic and local context in real-time without root, enabling large-scale, comprehensive analysis of mobile privacy and security.

Contribution

It introduces a non-intrusive, scalable measurement platform leveraging VPN API for on-device traffic analysis, overcoming previous deployment barriers.

Findings

Deployed with 450 users demonstrating practical utility.

Provides comprehensive traffic and privacy risk insights.

Operates seamlessly without root access.

Abstract

Despite our growing reliance on mobile phones for a wide range of daily tasks, their operation remains largely opaque. A number of previous studies have addressed elements of this problem in a partial fashion, trading off analytic comprehensiveness and deployment scale. We overcome the barriers to large-scale deployment (e.g., requiring rooted devices) and comprehensiveness of previous efforts by taking a novel approach that leverages the VPN API on mobile devices to design Haystack, an in-situ mobile measurement platform that operates exclusively on the device, providing full access to the device's network traffic and local context without requiring root access. We present the design of Haystack and its implementation in an Android app that we deploy via standard distribution channels. Using data collected from 450 users of the app, we exemplify the advantages of Haystack over the state of the art and demonstrate its seamless experience even under demanding conditions. We also demonstrate its utility to users and researchers in characterizing mobile traffic and privacy risks.