Android 13 Virtualization Hack Runs Windows (and Doom) In a VM On Android (arstechnica.com) 14
An anonymous reader quotes a report from Ars Technica: Here's a fun new feature of Android 13: working virtualization support. Google is building virtualization into Android for its own reasons, but Android developer kdrag0n has commandeered the feature to boot ARM Windows 11 and desktop Linux. The developer even got the Windows version of Doom running, all inside a VM on the Pixel 6. kdrag0n says that Android 13 has "full KVM functionality" at "near-native performance." You need root to enable the functionality, which doesn't support GPU acceleration. The functionality also doesn't support nested virtualization, so while you can now run Android on Windows and Windows on Android, making an infinitely nested OS turducken is out of the question.
This makes for a neat demo that's not at all what Google wants to do with Android's upcoming VM support. Esper's Mishaal Rahman has been meticulously tracking Android's virtualization progress for some time now, and the apparent plan is to someday (maybe in Android 13) use virtual machines as a security and privacy sandbox for various features. Imagine instead of processing sensitive data at the normal app permission level, the data could be processed in a separate OS, so any attackers would have to break through the app security model, then Android, then the hypervisor, then this other, private OS.
This makes for a neat demo that's not at all what Google wants to do with Android's upcoming VM support. Esper's Mishaal Rahman has been meticulously tracking Android's virtualization progress for some time now, and the apparent plan is to someday (maybe in Android 13) use virtual machines as a security and privacy sandbox for various features. Imagine instead of processing sensitive data at the normal app permission level, the data could be processed in a separate OS, so any attackers would have to break through the app security model, then Android, then the hypervisor, then this other, private OS.
Does sound kinda neat. (Score:5, Interesting)
Imagine instead of processing sensitive data at the normal app permission level, the data could be processed in a separate OS, so any attackers would have to break through the app security model, then Android, then the hypervisor, then this other, private OS.
Or imagine an attacker hitting the private OS directly because it had an internet connection. Still pretty cool to have figured it out.
Re: (Score:2)
Mod parent up-- Google has decades of being pounded on-experience to catch up on. Virtualization is non-trivial, and worse, the ARM architecture must emulate a lot of how X64 does virtualization to make it work, or go faster. ARM wasn't designed for this.
The upside is that ARM cores are truly cheap by comparison to X64, and running ported OS or native ARM VMs won't be expensive.
And because Google supports everything forever, we know that thirty years (actually thirty months) could be the lifecycle.
Re: (Score:2)
They don't need to emulate x64 virtualization - it's mentioned in the article that you can't run another level of virtualization.
Also, they run Windows 11 for ARM - so nothing x86 or x64 is necessary.
As for the DOOM, they probably run an ARM port of DOOM so again nothing x86 or x64 is necessary.
Neat trick nonetheless, but it's virtualization not emulation of a different binary architecture.
Re:Does sound kinda neat. (Score:5, Interesting)
We agree.
Nonetheless, the maturation of chip support for security, NUMA within sandboxes, and a long list of features used to support virtualization are currently missing in the ARM family.
I'm no great fan of X64 either, so don't mistake this for Intel/AMD fanboi-isms. There's a lot of fabric needed to keep the sandboxes from killing both each other, and the underlying I/O fabric(s).
It's not rocket science, but it's not simple, either. Various ARM platforms are becoming architecturally monolithic, too. Evolved ARM virtualization platforms will need architectural standards to permit evolved security fabrics to become "norm".
What's really wanted is two Androids (Score:5, Interesting)
I want a real Android AOSP on the metal and a Googly Android in a VM where it can't do harm. When do I get that?
Re: (Score:2)
Yes please. I'd also be interested in trying out VM'ed Phosh, Plasma Mobile, SXMO, UBPorts, et al.
Re: (Score:2)
Try GrapheneOS on a Pixel phone. You can sandbox all of the Google services and other spyware. I'm getting roughly 3 days of battery life on my Pixel 6 Pro, with zero apps running in the background.
https://grapheneos.org/ [grapheneos.org]
Re: What's really wanted is two Androids (Score:2)
On a pixel phone that costs three or more times as much as the perfectly good phone I own now? Fuck that sideways.
Re: What's really wanted is two Androids (Score:2)
dual use (Score:4, Insightful)
Now your private information can be given to two companies at once.
Something similar exists now... (Score:2)
But does it run Crisis? (Score:2)
Re: (Score:2)
A future I've dreamed of (Score:2)