Skip to content

Hello again from the tweasel project, where we are creating a web app that analyzes mobile apps for privacy issues. One of the major changes we have made is switching to a different unpinning script for Android, which allows us to bypass certificate pinning more reliably. We have also fixed some bugs that were affecting the installation and usage of our tools and libraries on different platforms and devices. In addition, we have continued working on our documentation and outreach, by creating a new docs site and giving a workshop at the Digitalcourage Aktivcongress. We have also collected some new traffic data that we will use to create and improve our TrackHAR adapters.



Appstraction is an abstraction layer for common instrumentation functions on Android and iOS. It allows you to install, uninstall, start, stop apps and configure their permissions, as well as manage device settings like emulator snapshots, clipboard, proxy, and certificates. Appstraction can also be used for purposes other than mobile privacy.



Cyanoacrylate is a toolkit for large-scale automated traffic analysis of mobile apps on Android and iOS. It uses mitmproxy to capture the HTTP(S) traffic of apps in HAR format and appstraction to instrument physical devices, or emulators for Android. Cyanoacrylate handles the management of certificate authorities and WireGuard mitmproxy setup automatically. It is designed to analyze the tracking behavior of mobile apps.

  • I noticed that my previous implementation of exposing mitmproxy events was incomplete. For example, we were missing the hostname in certificate errors. As such, I significantly extended the existing implementation. We are now exposing pretty much all the information that mitmproxy provides in its events, complete with proper type definitions and docstrings.
  • This change was released in version 1.0.0. That release also inherits all changes from the appstraction 1.0.0 release.



Tweasel CLI is a command-line tool that allows you to instrument and analyze mobile apps and their traffic using the tweasel project libraries. You can record the traffic of an Android or iOS app in HAR format (based on cyanoacrylate), and detect tracking data transmissions from the traffic (based on TrackHAR). Tweasel CLI provides a convenient wrapper around these libraries for common use cases, so you don’t have to write any code.

Documentation and outreach

  • I wrote ghtivity, a small utility for displaying the activity in GitHub repositories in a certain time frame to make writing these devlogs easier. I was previously spending way too much time finding all the changes that happened since the last update and that seemed ridiculous.

    Screenshot showing the output of ghtivity. There are sections for multiple repositories in the tweaselORG organization. Some show activity in the form of issues, pull requests, and/or releases. One doesn't show any activity.
    • Mere minutes after the first release, I noticed two bugs and had to push a quick v1.0.1 release. :)
  • We put some thought into how we want to structure our documenation. Our research documentation regarding trackers (to explain why the TrackHAR adapters are the way they are) will live in a separate section on For the API reference docs, we will switch to Typedoc proper.

  • And for all other documentation, I have started So far, we already have an introduction that explains the different parts of our project, two tutorials for installing our tools and libraries and how do do traffic analysis with CLI, and a section describing common problems and how to solve them. We plan to extend this in the future, for example with a background section that explains the technical details of how our tools work and our dependencies.

  • Lorenz and I were at the Digitalcourage Aktivcongress in Remscheid, an information exchange and networking events for people active in the data protection/digital rights movement that was organised by Digitalcourage. We gave a workshop on how to install and use our tools. As all workshops at the event were fairly ad-hoc, we don’t have a presentation that we can share, but we essentially just followed the tutorials on our new docs site.

  • I want to work on creating new adapters for TrackHAR and properly documenting the existing ones next but noticed that the most recent traffic data we have is now almost a year old. Thus, I ran a new collection on ~1000 apps each on Android and iOS. On Android, I used the monkey to generate some random user input and hopefully trigger more requests. I collected 126,161 requests in total, which should give us a good basis for future work.
    We’ll release the data through our public request database, which is almost ready to be published.

written by Benjamin Altpeter
licensed under: Creative Commons Attribution 4.0 International License