Anbox on SFOS phones

Wifi being available is different from controlling the hardware. Of course wifi connection is also available in Anbox.

Well, the community can port and install that if they want to. I don’t know how good those community ports are but I wouldn’t use one as long as I can use an official version. And the official OS has AD, therefore I don’t see any reason to port Anbox. Furthermore, Anbox is still in an early alpha stage.

2 Likes

This is true, however, Jolla’s range of officially supported devices is limited, it should allow selling AD licenses (with limited support) at least for unofficial SFOS ports that meet basic criteria, e.g. AOSP, kernel version. Otherwise Anbox will grow and fill the gap.

@0312birdzhang what happened to your Anbox port for SFOS, couldn’t it be upgraded to 3.4.0.22? Is Purism’s adaptation of Anbox open source? Couldn’t it be adapted to the Xperia series!? :slight_smile: Thanks!

@Firefox84, see https://anbox.io/#collapse1 (being a bit more specific than @4carlos).
So this seems to be a clear “No”, which is logical, because AlienDalvik and Anbox use the same design: A single kernel (“shared” with the host GNU/Linux-Installation), plus isolation per chroot-environment (AlienDalvik4.x) or LXC-container (AlienDalvik8.1 and Anbox).

Mind that Anbox currently lacks any kind of integration into the host GNU/Linux besides shared filesystem and being able to use a generic network interface, AFAIK. So no shared clipboard, cross-environment “intents” (apps calling apps) etc. or the new telephony / SMS integration for AD8 in SFOS3.4.0.

There is an Anbox crowdfunding campaign. It’s for UT but I imagine that SFOS Ports could profit from it as well.

http://gf.me/u/znh5j2

4 Likes

I always use a web browser…

And it’s actually the Volla phone (community) that started the campaign

1 Like

Related, I tried a Sailfish OS port but it did not work, I shared details in comments: https://together.jolla.com/question/162876/anbox-on-sailfish-os/

In addition to Purism, Anbox is supported on postmarketOS (https://wiki.postmarketos.org/wiki/Anbox) so it would be nice if we can use it on Sailfish OS / Nemo Mobile.

Here is a comment I added on the related thread:

Anbox has the advantage of being open source compared to Myriad’s Alien Dalvik, and Anbox uses LXC, which would prevent an Android app from installing spyware on SailfishOS.

Security note: to prevent an Android app using spyware to track the host OS (keylogger, screenshots, clipboard), LXC should be used with X11 isolation: https://github.com/anbox/anbox/issues/714

3 Likes

Just as an additional comment, on Sailfish the Android layer now runs under LXC as well. Here it runs on my XA2 with 4.0.1.48:

lxc-start -n aliendalvik -F

If I am correct, this was not the case in the older Android 4 compatibility layer as it is on Jolla 1, Jolla C and Xperia X.

4 Likes

Do you know if X11 isolation is used for the LXC container of Alien Dalvik? I updated my previous comment to mention this security issue.

I don’t know :slight_smile: I am even a bit surprised if this is relevant. Sailfish OS doesn’t use X11 but Wayland. Just checked, but Xwayland is not installed either.

1 Like

Note that SailfishOS never used, deployed or offered X11 for installation, hence any related functionality shall be switched off for a SailfishOS port, anyway.

Also note that AlienDalvik has used LXC for a long time: since the release of AD8 for the Xperia XA2 series with SailfishOS 3.0.1 in December 2018!

1 Like

Unfortunately LXC is not used for Android apps on the original Jolla phone I am using, if I understand correctly. It could be useful if someone can test if the security with LXC on Wayland is the same as LXC with X11 isolation, for example by installing an Android app that can record keys, do screenshots and read the clipboard to see if we can get information from Sailfish OS apps.
So maybe if we will be able to use Anbox on Sailfish OS, there will be isolation by default on Wayland.
Anbox would still have the advantage to be open source compared to Myriad’s Alien Dalvik.

Yes, AlienDalvik before v8 never has and never will use LXC, i.e. on any “officially supported SailfishOS” device older than the XA2 series: Jolla 1, Jolla C / Intex Aquafish, Jolla Tablet, Xperia X.
There are multiple reasons for this, mainly technical hurdles.

Have you successfully tested that on your Jolla 1?
If so, please describe your steps to reproduce.

???
Either you do that or probably nobody will.

Yes, that is the only advantage, while there are still a lot of disadvantages, the biggest being the lack of any integration (clipboard, intents, notifications etc.).

BTW, you switch each integration component for AlienDalvik off, if running them in the background is your concern.

I don’t think he’s making a direct mention to LXC on his Jolla 1, given he immediately implied he wasn’t using LXC on Jolla 1.
He’s just mentioning it as a whole. In this case, LXC already works well running ARM apps in a desktop fashion, thanks to the F(x)tec Pro1.
Also, consider that people willing to run Sailfish OS on a community device, and willing to run Anbox, probably will accept the limitations if it means they can run the most bare essential apps they need from F-Droid, and run the rest natively.

The list of restrictions is long and anyone who wants to use Android apps expects more convenience.

Problems

GPS, Bluetooth, sound playback, camera, app installation, clipboard, notifications, access to the file system inside and outside the container, key assignment in the keyboard and so on. Phone functions, SMS, MMS ?? Hardware sensors ??

This is a conceptual study and not to work effectively. Examples: A messenger may work, but no pictures/video/audio/files are sent, no notifications. Better to write an SMS. Conversations and Threema work, but with many restrictions as described above. Navigation? No speech output, no GPS. Many apps from F-Droid work, but rarely completely. As soon as a special function is included (example show pictures from the gallery, etc.), there is no access to the file system. Either the screen stays blank or the gallery crashes. Take a photo? It does not work…

I’ve tried it on a Nexus 5 with UT where it comes pre-installed. The expectations that some have are not met. Anbox doesn’t solve any problems, Anbox makes new ones for ambitious users :wink:

I forgot. The phone needs a back button, otherwise you won’t come back from the menus and you have to quit and restart the app.

3 Likes

But it runs without too many crashes, is what I read here. That is already better than a few years ago.

That’s right, but not really useful because of the high power consumption. It halves the battery life on the Nexus 5 and the Pinephone, and no app is running! There are still crashes if functions that have not been implemented are called.

A nice gimmick but not for serious work… but everyone has to decide for themselves.

2 Likes

To do screenshots from the command line, I was able to test with Anbox on my computer using adb shell and a command like screencap -p /sdcard/Pictures/screenshot.png. Only the Android app was in the screenshot, so that’s good (maybe the result with other screenshot apps is different). When I tried the command screencap on my Jolla 1 smartphone, the screenshot was empty but finally I was able to take a picture only of the Android app that is currently displayed, using sleep 5; screencap -p /sdcard/Pictures/screenshot.png so I have 5 seconds to display the Android app before the screenshot is taken.

Using Anbox on my computer, I was also able to record all clipboard changes using the open source Android app https://github.com/PRosenb/AdbClipboard with this command (read and display the clipboard every second):
while true; do sleep 1; am broadcast -n ch.pete.adbclipboard/.ReadReceiver; done
So this is a good reason not to run Android apps in the background when we don’t want the clipboard to be shared. I was not able to reproduce this command on Jolla 1 but the clipboard is shared also for the app currently displayed, for example when using Firefox Android app.

Feel free to test these commands on other Sailfish OS devices. Another security / privacy issue that I had with Android on Jolla 1, is that any Android app can read and create files in Sailfish OS folders which bypasses the chroot isolation (I added a comment about this on https://together.jolla.com/question/107023/running-android-in-lxc-container/). I don’t know if it also happens with other Sailfish OS devices using Android in an LXC container for isolation but at least it does not happen with Anbox on my computer.

I haven’t tested with an open source Android keylogger yet.
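
An added example, not part of the thread and not code from Jolla or Anbox: one way to check the filesystem exposure described in the post above without running apps is to audit the container's LXC config for host directories that are bind-mounted into the guest. `lxc.mount.entry` is the standard LXC key; the sample config, the paths in it and the list of sensitive prefixes are constructed assumptions.

```python
# Host path prefixes treated as sensitive: an assumption for this example.
SENSITIVE_PREFIXES = ("/home", "/etc", "/root")

# Constructed sample config, not taken from a real Sailfish OS or Anbox install.
SAMPLE_CONFIG = """\
lxc.rootfs.path = /opt/container/rootfs
lxc.mount.entry = tmpfs dev tmpfs nosuid 0 0
lxc.mount.entry = /home/user home/user none rbind,create=dir 0 0
lxc.mount.entry = /home/user/Pictures data/media/Pictures none bind,ro 0 0
lxc.mount.entry=/run/display run/display none bind,create=dir 0 0
"""


def parse_mount_entries(config_text):
    """Yield (source, target, options) for every lxc.mount.entry line."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        fields = value.split()
        if key != "lxc.mount.entry" or len(fields) < 4:
            continue  # other key, or malformed entry
        # fstab-style fields escape spaces in paths as \040
        source, target = (f.replace("\\040", " ") for f in fields[:2])
        yield source, target, set(fields[3].split(","))


def audit(config_text, sensitive=SENSITIVE_PREFIXES):
    """Return one finding per host path bind-mounted into the container."""
    findings = []
    for source, target, options in parse_mount_entries(config_text):
        if not options & {"bind", "rbind"}:
            continue  # tmpfs, proc, etc. do not expose host files
        writable = "ro" not in options
        hit = any(source == p or source.startswith(p + "/") for p in sensitive)
        if hit and writable:
            severity = "high"    # guest can read and create host files
        elif hit:
            severity = "medium"  # guest can read host files
        else:
            severity = "info"    # bind mount outside the sensitive prefixes
        findings.append({"source": source, "target": target,
                         "writable": writable, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f["severity"], f["source"], "->", f["target"])
```

A "high" finding corresponds to the behaviour reported for the Jolla 1 above: the guest can both read and create files in a host user directory.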