Analysis is designed to run entirely in this browser tab. Trace has no upload endpoint, and its intended code sends no archive bytes.

Check the local-processing claim

  1. Load this page.
  2. Turn on Airplane Mode (or unplug your network).
  3. Run your scan. Everything still works, because the analysis is a WebAssembly program running inside this tab.

An offline scan demonstrates that the loaded app has no scan-time server dependency. It does not authenticate code already loaded, erase records of the visit, or prove what a different build would do. You can also inspect the browser's Network panel during a particular scan and confirm that no request contains the archive; the intended app makes only site-resource and public-indicator requests allowed by its security policy.

Prepare a responder-readable report

The preview leaves the source filename, device metadata, raw evidence objects, and dedicated source-artifact fields out by default. Finding summaries remain and can name relevant processes or paths. The archive SHA-256 remains so a responder can compare this handoff with the archive bytes it identifies.

Include in this readable copy

The downloaded file is self-contained and can be opened in a browser, printed, or saved as PDF. It contains no scripts or remote assets.

Drop your sysdiagnose file here

a file named like sysdiagnose_2026.07.07_…​.tar.gz

No file yet? See what results look like: ·

How to capture a sysdiagnose on your iPhone (a computer is currently required)
  1. Trigger it: press and hold both volume buttons and the side button together for about 1 to 1.5 seconds, then release. You should feel a short vibration. If the power-off slider appears, you held too long: cancel and try a shorter press. If you felt no vibration, don't worry; continue with the next steps, and if no file appears, simply press the buttons again.
  2. Wait 10 to 15 minutes. Your iPhone gathers diagnostics in the background; you can keep using it normally. Older phones take longer, so give it the full time before deciding it didn't work.
  3. Find the file: open Settings → Privacy & Security → Analytics & Improvements → Analytics Data. The list is long and alphabetical: scroll near the bottom, past hundreds of routine entries, to the files starting with sysdiagnose_. The right one ends with the date and time you pressed the buttons. Tap it.
  4. Send it to your computer: tap the share icon in the top corner. On a Mac, AirDrop it and it will land in Downloads. On Windows, the simplest route is Save to Files → iCloud Drive, then downloading it from icloud.com. This uploads the archive to your iCloud account and may create account activity. Do not use that route if someone else may have access to the account; use a trusted Mac via AirDrop or ask a digital security helpline for a safer transfer plan. The file is large (usually 200 to 400 MB), so transfer can take a few minutes.
  5. Drop it above. The analysis runs on your own computer and usually finishes in well under two minutes. Scanning directly on an iPhone has not been validated, so Trace does not currently tell people to rely on a phone-only scan.

What Trace is - and is not

Trace inspects four artifact families inside an iPhone sysdiagnose - the shutdown log, crash and diagnostic .ips reports, process listings, and the unified system logs (every process that wrote a log entry over the archive window, typically days of history) - and compares process-bearing evidence against public indicators of compromise published by Amnesty International's Security Lab and the Mobile Verification Toolkit indicator collection (Citizen Lab, Kaspersky, Google, Microsoft, and others). These artifacts are where several known implants, including Pegasus, have left visible traces.

A "no matches" result is not a clean bill of health. It means no known implant left known traces in the artifacts this tool reads. Spyware not yet publicly documented, or traces that live elsewhere (browsing history, message databases, network records), would not be found. If your risk is real - you are a journalist, activist, lawyer, or targeted person - treat this tool as a first look, not a verdict, and talk to the experts linked in every result.

Trace does not monitor in real time, cannot remove anything, and does not support Android yet. It inherits the time lag of public threat intelligence: commercial tools with private telemetry may know about newer indicators sooner. That is the honest trade for a tool you never have to trust with your data.