Virtual Machine as a core Android Primitive

Back at university one lecture included an infographic about how CPU and operating system features like MMU, increasing register width and the like all started at mainframe-scale installations and trickled down to desktop scale systems and later to handheld devices at a surprisingly consistent pace. It was the time w2k was trying to make NT features mainstream and J2ME arrived on phones. I extrapolated a little and made a joke about multi-user concepts arriving on phones and a few years later Android was right on schedule (when that happened, repurposing Linux users as units of app isolation was the headline feature in tech news).<p>By that measure, virtualization is long overdue, but I really can&#x27;t claim that I&#x27;m not surprised.

Looks like something absolutely overengineered and unnecessary. Why do you need a virtual machine with a separate kernel? Why do you need to protect it from kernel? I guess, it is made mostly for playing DRM content?

How does two way isolation work? How do you prevent the host kernel (which presumably has full control of the hardware?) from inspecting the guest VM?

So what is something running in this virtual machine allowed to do? Talk to the Internet? Talk to the screen? Talk only to whatever started it?<p>How much of this is closed source?

The use of the word &quot;privileged&quot; seems to imply that only system apps will be able to use this - i.e. no installing virtual machines off Google Play anytime soon. Bleh.

Its annoying that I can&#x27;t use this without greater-than-normal-user access.

Will this allow running linux VMs on any Android device ? Via something like nestbox: <a href="https:&#x2F;&#x2F;www.patreon.com&#x2F;posts&#x2F;74333551" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.patreon.com&#x2F;posts&#x2F;74333551</a> ?

So on desktop, if I spin up a VM with networking disabled I feel pretty confident I can run anything safely, even malware is not going to escape.<p>What&#x27;s the current state of the art for Android virtualization? Let&#x27;s assume we&#x27;re talking about the newest Pixel and newest Android version. Is there any way to safely run malware or the Facebook app in some sort of air-gapped container and throw it away when you&#x27;re done?

Why does the tutorial for creating a demo app, <a href="https:&#x2F;&#x2F;source.android.com&#x2F;docs&#x2F;core&#x2F;virtualization&#x2F;writeavfapp" rel="nofollow noreferrer">https:&#x2F;&#x2F;source.android.com&#x2F;docs&#x2F;core&#x2F;virtualization&#x2F;writeavf...</a>, only work on Cuttlefish (emulator)?<p>Nevermind, only the demo app, not the tutorial, so who knows what its doing.

Another salvo in the war on general purpose computing.(<a href="https:&#x2F;&#x2F;lwn.net&#x2F;Articles&#x2F;473794&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;lwn.net&#x2F;Articles&#x2F;473794&#x2F;</a>)

Although this is very exciting. Surely performance is not the benefit here? It won’t perform better than android app built not on top of the virtualisation tdchnology?

How lightweight are these? Can I start 100 Vm&#x27;s to render content from 100 web origins in a secure web browser?

Two-way isolation seems like it&#x27;d only be useful for DRM and Treacherous Computing.

I wonder if this has anything to do with RISC-V and them needing TrustZone equivalent functionality in that environment.