Currently, we test mobile apps by running on phones that have been flashed with our custom OS. The number of apps that we can analyze is therefore limited by the number of physical devices that we have. Moving forward, we would like to be able to run our custom OS on a virtual machine (VM).

Research goal: There exists an open source VM for Android, however, it does not implement all of the persistent identifiers (and other privacy-sensitive data types) that we are interested in monitoring. Thus, we need to modify it so that we can create a configuration file that specifies random values for these identifiers (e.g., randomly generating an IMEI, MAC address, etc.), which is then read by the VM upon startup.

Potential studies:

• This will allow us to study whether some apps attempt to detect whether or not they are being monitored. We can run studies using the VM and monitor whether they attempt to detect whether or not they’re being monitored, and if so, how they behave differently.