The Android operating system already relies on virtualization-related mechanisms to interface with Linux processes: remember that the green robot's kernel is based on GNU/Linux. Google now announces, however, that on select Android 14 devices the Android Virtualization Framework (AVF) becomes available, a solution that brings real virtualization to Android.
What is Android virtualization with AVF and how does it work
With AVF, Google's mobile operating system fully embraces the fundamentals of virtualization. Virtual machines thus become a core component of Android, and developers can finally choose the isolation level of their code flexibly:
- One-way isolation. The Android host can control and inspect the contents of the virtual machine. This approach is particularly useful for sandboxing business workloads and for separating workflows. It even makes it possible to run multiple instances of the operating system, or several different operating systems, on the same device, with Android acting as the host platform that controls and supervises all the others.
- Bidirectional isolation (isolated VM). Here the Android host and the virtual machine guest are completely isolated from each other. Developers who handle or store sensitive data can use an isolated virtual machine to erect an effective barrier: neither the Android host nor the virtual machine has access to the other's file system and resources.
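As an added illustration of that choice (not code from the article or from Google), the following Java sketch shows how a privileged app would request the isolated level through the android.system.virtualmachine system API in Android 14, refusing to fall back to one-way isolation for a sensitive payload. It assumes the app holds android.permission.MANAGE_VIRTUAL_MACHINE, and the VM name and payload file name are placeholders.

```java
// Added example, not the article's or Google's code. Uses the Android 14
// android.system.virtualmachine system API (privileged apps only).
// "sensitive_vm" and "libpayload.so" are assumed placeholder names.
import android.content.Context;
import android.system.virtualmachine.VirtualMachine;
import android.system.virtualmachine.VirtualMachineCallback;
import android.system.virtualmachine.VirtualMachineConfig;
import android.system.virtualmachine.VirtualMachineException;
import android.system.virtualmachine.VirtualMachineManager;
import android.util.Log;
import java.util.concurrent.Executors;

public final class AvfIsolationDemo {
    private static final String TAG = "AvfIsolationDemo";

    /** Builds a VM config; protectedVm=true requests the isolated (pKVM-protected) VM. */
    static VirtualMachineConfig buildConfig(Context ctx, boolean protectedVm) {
        return new VirtualMachineConfig.Builder(ctx)
                .setPayloadBinaryName("libpayload.so")   // assumed payload shipped in the APK
                .setProtectedVm(protectedVm)
                // A full debug level lets the host inspect the guest: keep it off for sensitive data.
                .setDebugLevel(VirtualMachineConfig.DEBUG_LEVEL_NONE)
                .setMemoryBytes(64L * 1024 * 1024)
                .build();
    }

    /** Starts the VM only when the device offers bidirectional (protected) isolation. */
    static void runSensitiveWorkload(Context ctx) throws VirtualMachineException {
        VirtualMachineManager vmm = ctx.getSystemService(VirtualMachineManager.class);
        boolean protectedSupported =
                (vmm.getCapabilities() & VirtualMachineManager.CAPABILITY_PROTECTED_VM) != 0;
        if (!protectedSupported) {
            // Silently falling back to a non-protected VM would downgrade to one-way isolation.
            throw new UnsupportedOperationException("protected VMs not supported on this device");
        }
        VirtualMachine vm = vmm.getOrCreate("sensitive_vm", buildConfig(ctx, true));
        vm.setCallback(Executors.newSingleThreadExecutor(), new VirtualMachineCallback() {
            @Override public void onPayloadStarted(VirtualMachine v) { Log.i(TAG, "payload started"); }
            @Override public void onPayloadReady(VirtualMachine v) { Log.i(TAG, "payload ready"); }
            @Override public void onPayloadFinished(VirtualMachine v, int exitCode) { Log.i(TAG, "exit " + exitCode); }
            @Override public void onError(VirtualMachine v, int errorCode, String msg) { Log.e(TAG, "error " + errorCode + ": " + msg); }
            @Override public void onStopped(VirtualMachine v, int reason) { Log.i(TAG, "stopped " + reason); }
        });
        vm.run();   // the guest payload then talks to the host only over the channels it exposes
    }
}
```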
The main advantages of AVF on Android 14 and above
Image: preparing an isolated virtual machine.
Android developers finally have an alternative to TrustZone for separating their applications without necessarily resorting to elevated privileges.
Virtual machines, and the applications running in them, are portable and allow unrestricted multi-device deployment. AVF is also designed to be light, efficient and flexible: virtual machines can vary in size, be persistent (and thus retain the data they store) or be started on demand. They can also automatically adapt their behaviour to the state of the Android device, avoiding consuming too many system resources.
Google's engineers explain that the pKVM hypervisor, the heart of AVF, guarantees isolation between virtual machines and has a smaller attack surface than the Linux kernel.
In conclusion, with Android 14 AVF makes virtualization more accessible, offering new tools and improvements in performance and security. It is a tool that will play an essential role for developers and Android platform builders in the near future, providing a way to isolate workloads and applications more effectively and efficiently.
The opening image is taken from Android Developers Blog.