This isn't quite correct. From Simon Fels [0], we see that
"Despite the nature of Anbox, Anbox Cloud is not open source and a commercial product. It is based on the same underlying ideas of Anbox but is a completely separate code base."
> It is a valiant effort (lead by u/mrmorph) even if the open source version is limited and runs Android 7.
I really hope that all distributions of Anbox for PureOS, postmarketOS, etc. will soon start distributing a newer system image. Nothing prevents this and it would make Anbox actually useful.
It's probably a heavily modified fork that integrates more deeply into the operating system. It wouldn't make sense to completely redo all Anbox does for dispatching Java calls and emulating Android device behaviour, but to turn Anbox into a product that natively scales in the cloud probably requires extensive modification of the Anbox codebase.
The link says it's just a different product that licensed the trademark. Or maybe they are violating GPL but hiding it in their server code. That would take a lot of chutzpah though so I wouldn't allege that.
>start distributing a newer system image.
Older system images would potentially be useful, too, if only for toying around with abandoned apps too old to run on new systems. I'm thinking similar to how Wine appears as different versions of windows to different apps.
These kinds of open source emulators or similar stuff usually driven by individuals and often have risk of being unmaintained. But this project is used by larger companies like Canonical so we can expect better support.
https://github.com/Cloudef/android2gnulinux
There's also this clean-room implementation of android apis and bionic->glibc translation layer that I worked in past. It can launch some unity games, and cli tools usually work. I used this mainly to reverse engineer chinese DRM in some android apps.
It's not neccessary. It's just something I did for fun, and other non clean-room implementations already exist such as anbox. It also feels bit more hygienic for not needing to run any actual Java code :) Some actual value, this project could give is linux compatible versions of some android apis, easing porting.
I'm playing with it on my Librem 5 sometimes out of curiosity. I didn't expect much, but some apps actually work really well (Element, Conversations, Android builds of my Allegro games etc.). Even tried Among Us which is a Unity game and it's... kinda playable (there is a problem with some shaders making it hard to play, but it all works otherwise - haven't debugged it yet though).
I've been pleasantly surprised at how well one of the premium nautical chart apps work under Anbox. It counts as the same license as my phone (no additional cost), and the ability to sit at home and plan a trip on a high resolution monitor with very good mouse/keyboard ergonomics and blazing fast render when moving around, is just night and day compared to doing it on my phone. I can even run it splitscreen with a proper web browser for reading about potential destinations, running Google Earth, etc.
Hard to say since currently some media service seems to be constantly restarting in the background due to some problem with how the Android image is built, eating some CPU all the time - so I tend to stop the container when I'm done with using it.
Of course I haven't, I'd install microG if anything (but haven't yet). I don't use web notifications at all though so I haven't even thought about testing that - but as far as I know, Anbox doesn't have any way to push notifications out of the Android container into host system so far (but it shouldn't be hard to implement; plus I guess you could even just install KDE Connect inside Anbox and synchronize notifications that way as a lazy hack).
I installed Android 9 x86 on an old laptop but without a touch screen the experience was quite bad. Osmand would not run full screen, it might have been my mistake but I didn't continue further.
There's a fantastic dockerfile that is set up to run Anbox in a container and expose a VNC connection. Tested to work on cloud (DO/AWS): https://github.com/aind-containers/aind
Can this be used to run a single application in a VNC window? I've been looking for a solution for running Android applications on Linux that support multi-user environments (Anbox only has one Android space, all apps and data are shared between Linux users) and this seems like it might work for my use case.
One of the reasons I am not switching to an "alternative" platform like librem or pinephone is that I need apps for things like banking, which are available for iOS and android only.
With a working android emulation I could switch from android much easier.
I've heard this a couple of times and it seems a bit strange. My bank is entirely online and has a very nice app (USAA) but there's absolutely nothing that can be done in the app and can't be done with their webpage.
Is this something that happens often in eg Europe?
The login shortcuts make it somewhat worthwhile. Many of the finance apps have a 'quick view' function and also allow for faster logins via specific PINs and such. It is a convenience to quickly check balances or recent transactions while using the phone.
There is a European banking regulation mandating 2FA. Apps are starting to be mandatory because they generate the OTP or authorize access: start logging in in the browser on the computer and authorize the access with a fingerprint in the app.
If the app is on the same device as the OTP, that's not really 2FA, since the device has both factors on it, making the device 1 factor. Maybe 1.5 factor since there are ways to steal a password without getting access to the device. Anyway the computer or a dongle can be the OTP device just as well as the phone can.
It is two factor still. For example, if you need to give a OTP through sms after puting the credentials. It is possible someone stole the credentials and entered them on another device, but he also has to put the OTP sent through SMS to prove he is also in possesion of the phone number and thus makes the authentication a two factor. If you think both authentications on the same device is one factor, both authentications in the same room is also one factor, going by the same logic - an attacker will have you and everything needed to force his way into your bank account together, then he only needs a big baseball bat to do the job.
This is what I usually do: login on the computer and authorize on the app with a fingerprint or a PIN. It depends on the bank and doesn't require signin in into the home banking, only opening the app. The access to home banking in the app is always by fingerprint.
> but there's absolutely nothing that can be done in the app and can't be done with their webpage.
I have never gotten the check deposit tool to work on the website. I know it is nonexistent in the mobile site. So for me, the only way to deposit a check (with USAA) is to either mail it or use the Android app.
Wow I forgot about check depositing, the last time I did that I still had an account with a bank with physical branches and didn't bother with "online banking."
There's more examples, but the main feature I'd lose is contactless pay with my phone. Which I could live without, but it's such a nice feature that I use multiple times a day that I'm not sure what it would take to get me to give it up.
I think that the US doesn't use mobile payment a lot, so it might not be obvious (if you're in the US, that is)
If you manage to get a device ID, which wasn't too difficult last time I checked, you can install all the Google crap you want, including the Play store. Rare banking apps will work without any Google crap, most will require Google Play Services (microG works sometimes too), so even without a store, you can just get the APK from wherever and you're good. Modification detection can be handled with Magisk Hide, root detection with RootCloak, custom XPosed modules for the sneakier ones.
Occasionally you will see apps using obfuscated native binaries to do advanced detection, but those are rare enough that you can just switch banks.
> Modification detection can be handled with Magisk Hide, root detection with RootCloak, custom XPosed modules for the sneakier ones.
Not really, if they're not using hardware attestation for Safetynet they will do soon. And even the developer for Magisk believes there's no practical way around that.
Thankfully that hasn't rolled out everywhere yet, and most banking apps I've used rely on less sophisticated methods of tamper detection (like RootBeer).
Hopefully Orange Man's little trade war slows down adoption by devs somewhat, but once that fizzles out, we might have to start looking at a regulatory angle. I don't like that idea, but what other choice do we have? Google clearly doesn't listen to their customers (or rather, we aren't their customers) and good luck even getting in touch with a bank's dev team, let alone convince them to do something that, to their uneducated higher-ups at least, looks like a security downgrade.
I'm not sure what you mean by that. You can get the APK directly from the Play store with some clever trickery (see the Evozi downloader), but even downloading it from any of the dozen or so mirror sites is secure, if that's your concern, because APKs are signed with the developer's key.
The reason I said "from wherever" is that sharing APKs G Play is a legal grey area and I didn't want to mention one specific way of getting them because there are many, all with different pros and cons.
I have managed to install anbox & the modules successfully in Xubuntu (without snap). However, _application manager service_ needs to be started, and I am at a loss how to do this...
(I’ve since switched to ArchLinuxARM (and published several videos on how Anbox runs on t he PinePhone on YouTube) and won’t go back unless that breaks, so I don’t know what the current state is on Mobian.)
I actually tried it with snap on fedora some time ago (maybe a year or two) and it did not work. I guess snap is cross platform as long as the platform is ubuntu, kind of like .net in that.
I've used it for a bit on Manjaro through snap, it worked for me. However, when I launched it, it did not clearly warn me about the kernel modules I needed to install in order to get it to work, which was a pain. The errors were kind of vague so it took me a while to see that I needed some DKMS modules to make it work.
That was true for old .net, but I have successfully run .net core apps on Linux and to my greatest amazement it worked the first time (granted I waited .net core 3 to test it, so all the bugs have been ironed out).
Yeah that is fair, .net is actually not really that bad these days with .net core and mono. Microsoft is making an effort which is paying off and I can fault them for many things but not really that so much.
I wonder if I could run Whatsapp in this, as a bridge to Whatsapp Web (for its Matrix bridge).. It should be more efficient than running a full Android VM from the Google Dev tools.
Has anyone tried this? I suppose the biggest issue will be the scanning of the QR code, as I don't think webcams are supported.
Would it be able to access your contacts? I'm afraid WhatsApp needs them.
Suppose I'm the owner of a Linux Phone and run WhatsApp in Android in a Box. Should I maintain an address book inside the box (can it even fit into the same box of WhatsApp?) And how do I attach the pictures I take with my phone or the files I have on my local storage? Etc.
It doesn't really need them actually if you use it through the bridge. Using that you can start a new message just by number.
Even with the app itself you can deny access to contacts after installing and it works fine, just all the names are replaced by numbers. The only problem then is that you can't start a new chat. But through the bridge it works, already tried.
FWIW If you know the number, you can use the web URL ws.me/<phone_number_with_country_code> to initiate a chat even if the contact is not saved/without granting contact access
Can this potentially run on WSL2 or the upcoming WSLG, cos that'll make life perfect for anyone running Windows (I'd use it as an emulator for my development needs)
> Microsoft's first foray into achieving Unix-like compatibility on Windows began with the Microsoft POSIX Subsystem, superseded by Windows Services for UNIX via MKS/Interix, which was eventually deprecated with the release of Windows 8.1. The technology behind Windows Subsystem for Linux originated in the unreleased Project Astoria, which enabled some Android applications to run on Windows 10 Mobile.[17] It was first made available in Windows 10 Insider Preview build 14316.[18]
It seems like it could, but you have to compile a custom kernel with Android Binder enabled which, while possible in WSL2, is a bit of a pain in the ass
> Microsoft's first foray into achieving Unix-like compatibility on Windows began with the Microsoft POSIX Subsystem, superseded by Windows Services for UNIX via MKS/Interix, which was eventually deprecated with the release of Windows 8.1. The technology behind Windows Subsystem for Linux originated in the unreleased Project Astoria, which enabled some Android applications to run on Windows 10 Mobile.[17] It was first made available in Windows 10 Insider Preview build 14316.[18]
I wonder if we will reach a point where Android might become the standard way to make apps across every platform. The framework seem abstract enough that it seems like run on different kernels (e.g. fuchsia). Would be interesting to see a native Android implementation on Mac and Windows.
As someone who’s been writing both iOS and Android apps for almost a decade now. This made me chuckle, the sheer absurdity of Android being the standard when Google can’t even ensure mass adoption for their latest releases is just too ironic.
They can't ensure mass-adoption because manufacturers modify the Android source code... for Linux computers, there's no need for that level of modification because the competition isn't fierce there. Sure there's different distros for Linux, but an Android layer or OS to run Android apps wouldn't be much different.
Ensuring that people are using the latest version might become easier if the framework becomes unbundled from the OS. I bet every Chromebook and Chromecast is using the latest Android version.
I think that Android is a stepping stone. I expect to see things outright superseding it, or Android receiving a capital overhaul to fix the current situation where every phone uses an Android fork that must be maintained separately (though I think Android will run out of steam sooner than this will happen).
I tried Anbox on a relatively fast tablet a few months ago and it was a bit choppy, but everything worked! Something I found weird is that it needs a daemon to run, integration didn't seem very deep yet either.
Longer term I'd be happy if it was deeply integrated, with Android apps running just like native ones.
Currently it still seems to need a daemon and a complete running Android system. Does anyone know whether it's something one could get around or are we stuck with that?
What would it take to investigate whether Western branded phones also send personal information to third-party via a bloatware like Digital Turbine's app?
Doesn't Sailfish have its own proprietary Android compatibility layer, at least in the official/commercial version? Of course that doesn't preclude anbox, but it's another option.
It does, in the Sailfish X variant (the one you pay for). I haven't tried that one, but I have a genuine Jolla phone with a much older version of Sailfish, and I run a lot of Android apps there - they all work fine. What doesn't work for me are apps needing the Google thingy API, which aren't that many.
I was literally looking for a Linux distribution of NewPipe to play music, and saw this and was like "oh dope, I'll just install this on my PC and install NewPipe on it! Bummer there's no install documentation for building from source or apt availability... I don't use Snap on Regolith Desktop :(
Anbox is currently only distributed as a snap as snaps makes the life for us developers pretty easy. They allow us fast and easy packaging, easy distribution to our users, as well as regular and fast updates. Flatpak would be another alternative but we didn't investigate this yet, nor are we planing to do so in the near future. However, we're happy to accept contributions from the community around Anbox to provide necessary changes to distribute Anbox as a flatpak package too.
One thing which Anbox currently doesn't do is using proper confinement for snaps. Right now it is only usable when installed in the so-called devmode of snaps which disables any confinement. This is something we will work on over the coming months with upstream to allow our snap to be fully confined.
Despite snap confinement being disabled, the Android system still stays separate through the use of Linux namespaces from the host system.
I've gotten it running on Arch without Snap, so it's not a hard requirement, just a convenience. But I haven't tried it recently as Anbox needs a custom kernel since Linux 5.7, which I am too lazy to do, so the situation might've changed.
They can practically only be distributed by Canonical. It's technically possible to point to a third-party server, but (1) it only supports one, so you have to stop using Canonical's and (2) there is no open-source server software.
Or they could just not use it and let the developer know that their poor choice of packaging format is why they aren't using it. Either the developer cares enough to take this feedback to heart or they don't.
Almost everything really big and complicated has been upstreamed by now (binder, ashmem, EAS, many Qualcomm drivers, ...). Some commercial phones can boot Android from a mainline kernel including the Pixel 3 and the Poco F1.
Anbox requires your kernel to have ashmem and binder, which are included in the ckt (Canonical) kernels or they can be loaded by DKMS if you don't have them already.
Yes, this is generally possible. However Google doesn't allow anyone to ship its applications as long as the device is not certified and the vendor didn't sign an agreement with Google.
The Anbox project does not have any interest in shipping the Google Play store and we're not allowed to do so. We may add an easy way for our users at a later point which allows easy distribution of Android applications suited for the Anbox runtime environment.
> Is it possible to install the Google Play Store?
There are many apps from great free software repositories such as https://f-droid.org that many people may want to use. Further, many apps from Google Play can be installed without the Google Play store.
Google is mainly concerned about uncertified phones being distributed at a large scale. For individual tinkerers, this feature is offered to get individual phones permitted.
It's very easy and very well tested so it's probably secure. Installing GApps is a really common step when loading a custom ROM onto phones. It shouldn't be any different here.
The codesigning system for APKs is considered secure, and in fact the Google Apps public key signatures are embedded into Android itself instead of just being the normal TOFU (this is why MicroG requires a whole separate ROM instead of just a flashable zip).
FWIW it's pretty straightforward to copy an app from a phone to an .apk file on a Linux machine using adb, so if you have an Android device, you can always install from the Play Store on your phone
This is great exactly for that reason. Although it may seem strange, many of us would use Android just because they're forced to use that one or two apps, not because they need the whole system. In my case, I have absolute zero needs for Android, except for opening Whatsapp like 3 times a week for a few minutes. Since Whatsapp web is a joke that would force me to even keep a smartphone around, I'm currently keeping home an Android tablet just for that app I use a few minutes per week, which is also less than optimal.
Hopefully one day the Pinephone (I'm seriously considering to purchase one) will allow Android virtualization, so I'll be able to move a minimum virtualized Android system dedicated to Whatsapp onto that phone and ditch the poor tablet for good.
It is a valiant effort (lead by u/mrmorph) even if the open source version is limited and runs Android 7.
There's a community of over 1K enthusiasts on the telegram group: https://t.me/anbox
Previous discussions:
https://news.ycombinator.com/item?id=14090482 (317 points, April 2017)
https://news.ycombinator.com/item?id=17886542 (98 points, August 2018)