Android 15’s virtual machine mandate is aimed at improving security

1 week ago 6
Android 15

Robert Triggs / Android Authority

TL;DR

  • Google is requiring new chipsets that launch with Android 15 support to implement support for the Android Virtualization Framework.
  • The Android Virtualization Framework provides a secure and private execution environment for highly sensitive code and is required for Android’s upcoming Linux Terminal app.
  • It’s already supported by many Android devices, however, no Samsung devices support the feature yet.

While the best Android phones certainly have the raw hardware to go toe-to-toe with the average laptop, most of them don’t have the right software features to replace them, even if you hook them up to a bigger screen. Google is working on turning Android into a more full-fledged desktop operating system, though, and part of those efforts include allowing for Android devices to run other operating systems in virtual machines. However, not every Android device supports the feature that enables virtual machine support, but thankfully, Google is requiring that new chipsets that launch for Android 15 will.

You’re reading an Authority Insights story. Discover Authority Insights for more exclusive reports, app teardowns, leaks, and in-depth tech coverage you won’t find anywhere else.

With the release of Android 13 in 2022, Google introduced a feature called the Android Virtualization Framework (AVF). The initial use case that Google envisioned for AVF is to provide a safe environment to compile security-sensitive code. For example, when the Project Mainline module for the Android Runtime (ART) is updated, certain code needs to be recompiled. Thanks to AVF, this code can be securely recompiled in the background by a stripped-down version of Android running in a virtual machine, reducing the long boot delay that would otherwise occur if the code were to be recompiled post-reboot.

Isolated compilation, while nice, is just one of many ways that AVF can be utilized. Google also envisions it’ll be used to handle DRM applications like Widevine and proprietary machine learning models that companies don’t want to be leaked. As we saw earlier this year, though, Google has much bigger plans in store for AVF. The company sees it being used to run full-fledged operating systems in a virtual machine. Google at one point even experimented with running Chrome OS on Android devices via AVF, a project that was, unfortunately, just a proof of concept.

Chrome OS running on a Pixel Tablet

Google merely used Chrome OS to demonstrate the enhancements it made to the Android Virtualization Framework in Android 15, proving that it could run alternative operating systems with full graphical interfaces. While Google ultimately didn’t move forward with shipping a one-click app to run Chrome OS in a virtual machine on Android, it did start development on a Terminal app that will let you run Linux apps on Android devices. This Terminal app is an all-in-one app that downloads, configures, runs, and interfaces with an instance of Debian running in a virtual machine. The app uses APIs provided by AVF, which means it’ll only work on devices that support the framework.

Here’s a first look at Android’s upcoming all-in-one Terminal app, which downloads, configures, runs, and interfaces with an instance of Debian running a virtual machine!

Currently, the Debian images are hosted on a Googler’s GitHub, but Google plans to host these images… pic.twitter.com/nMVwPRrQO9

Many Android devices already support AVF, thankfully. According to the Google Play Console’s device catalog, there are already 361 device models that support AVF. This includes every Pixel since the Pixel 6, as well as numerous models from OEMs like OnePlus, Xiaomi, Motorola, Vivo, Tecno, OPPO, and more.

361 Android devices currently support AVF

Mishaal Rahman / Android Authority

Notably, though, there isn’t a single Samsung device on the list, regardless of chipset. It’s not clear why Samsung devices don’t support AVF, but perhaps it conflicted with Samsung Knox in some way.

No Samsung devices currently support AVF

Mishaal Rahman / Android Authority

In any case, Google is now moving towards making AVF support a requirement for all new chipsets, which in turn should mean new Samsung devices will be forced to support it. According to this patch, the latest version of VSR, short for Vendor Software Requirements, mandates AVF support for devices launching with vendor API level 202404, which corresponds to Android 15.

Android 15 AVF requirement 1

Mishaal Rahman / Android Authority

Thanks to a trusted source, I obtained a copy of the Vendor Software Requirements for Android 15, which confirms that chipsets that launch with the aforementioned vendor API level must declare support for AVF. That applies to chipsets like the Qualcomm Snapdragon 8 Elite, the MediaTek Dimensity 9400, and the upcoming Exynos 2500. This document says that if these chipsets also support protected VMs, then they must support OTA updates for the VM in Android 15. In addition, the document states that Android 16 will require protected VMs to support additional security features like Remote Attestation, the Open Profile for DICE, and Secretkeeper 1.0.

Here’s Ubuntu 24.04 LTS running in a virtual machine on the new @OPPO Find X8 Pro, powered by the @MediaTek Dimensity 9400.

As I’ve mentioned before, Google has been working with @Qualcomm and MediaTek to upstream their hypervisor implementations (Gunyah and GenieZone… pic.twitter.com/DRcpseNuVL

While it will be a while before most users can take advantage of AVF to do things like run Linux apps, it’s still important for devices to add support for it now. That’s because the use cases of AVF will grow as Google continues to develop it. As far as I can tell, Google plans to implement the Linux Terminal app in next year’s Android 16 release, but again, only devices that support AVF will be able to take advantage of it. With AVF becoming a chipset requirement, though, it will hopefully mean that even Samsung devices will support the Terminal app in next year’s update.

Got a tip? Talk to us! Email our staff at [email protected]. You can stay anonymous or get credit for the info, it's your choice.

Read Entire Article