Android 13 Virtualization Hack Runs Windows (and Doom) In a VM On Android (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Here's a fun new feature of Android 13: working virtualization support. Google is building virtualization into Android for its own reasons, but Android developer kdrag0n has commandeered the feature to boot ARM Windows 11 and desktop Linux. The developer even got the Windows version of Doom running, all inside a VM on the Pixel 6. kdrag0n says that Android 13 has "full KVM functionality" at "near-native performance." You need root to enable the functionality, which doesn't support GPU acceleration. The functionality also doesn't support nested virtualization, so while you can now run Android on Windows and Windows on Android, making an infinitely nested OS turducken is out of the question.

This makes for a neat demo that's not at all what Google wants to do with Android's upcoming VM support. Esper's Mishaal Rahman has been meticulously tracking Android's virtualization progress for some time now, and the apparent plan is to someday (maybe in Android 13) use virtual machines as a security and privacy sandbox for various features. Imagine instead of processing sensitive data at the normal app permission level, the data could be processed in a separate OS, so any attackers would have to break through the app security model, then Android, then the hypervisor, then this other, private OS.

  • by ddtmm ( 549094 ) on Wednesday February 16, 2022 @09:11AM (#62272449)

    Imagine instead of processing sensitive data at the normal app permission level, the data could be processed in a separate OS, so any attackers would have to break through the app security model, then Android, then the hypervisor, then this other, private OS.

    Or imagine an attacker hitting the private OS directly because it had an internet connection. Still pretty cool to have figured it out.

    • Mod parent up -- Google has decades of being-pounded-on experience to catch up on. Virtualization is non-trivial, and worse, the ARM architecture must emulate a lot of how X64 does virtualization to make it work, or go faster. ARM wasn't designed for this.

      The upside is that ARM cores are truly cheap by comparison to X64, and running ported OS or native ARM VMs won't be expensive.

      And because Google supports everything forever, we know that thirty years (actually thirty months) could be the lifecycle.

      • They don't need to emulate x64 virtualization - it's mentioned in the article that you can't run another level of virtualization.
        Also, they run Windows 11 for ARM - so nothing x86 or x64 is necessary.
        As for the DOOM, they probably run an ARM port of DOOM so again nothing x86 or x64 is necessary.

        Neat trick nonetheless, but it's virtualization not emulation of a different binary architecture.

        • by postbigbang ( 761081 ) on Wednesday February 16, 2022 @10:12AM (#62272591)

          We agree.

          Nonetheless, the maturation of chip support for security, NUMA within sandboxes, and a long list of features used to support virtualization are currently missing in the ARM family.

          I'm no great fan of X64 either, so don't mistake this for Intel/AMD fanboi-isms. There's a lot of fabric needed to keep the sandboxes from killing both each other, and the underlying I/O fabric(s).

          It's not rocket science, but it's not simple, either. Various ARM platforms are becoming architecturally monolithic, too. Evolved ARM virtualization platforms will need architectural standards to permit evolved security fabrics to become "norm".

  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Wednesday February 16, 2022 @09:34AM (#62272489) Homepage Journal

    I want a real Android AOSP on the metal and a Googly Android in a VM where it can't do harm. When do I get that?

  • dual use (Score:4, Insightful)

    by gtall ( 79522 ) on Wednesday February 16, 2022 @12:13PM (#62273033)

    Now your private information can be given to two companies at once.

  • I use UserLAnd, https://play.google.com/store/... [google.com] . It doesn't use virtualization but doesn't require a rooted device. I use Ubuntu with LXDE on it. It has quirks, but it does everything I need.
  • Gosh... I'm old.
  • I've always thought that the OS should allow separate sandboxed "personas". That way you could use a single device, with one VM for work, completely separated from the VM with all your personal data.
