The Android Virtualization Framework (AVF) will be available on upcoming select Android 14 devices. The AVF, first introduced in Android 13 on Pixel devices, provides new capabilities for platform developers working on privileged applications.

With AVF, we are more broadly supporting virtualization to Android. Virtualization is widely used and deployed to isolate workloads and operating systems from each other. It enables efficient scaling of infrastructure, testing environments, legacy software compatibility, creating virtual desktops and much more.

With AVF virtual machines become a core construct of the Android operating system, similar to the way Android utilizes Linux processes. Developers have the flexibility to choose the level of isolation for a virtual machine:

• One-way isolation: Android (the host) can control and inspect the contents of the VM. These are most commonly used for sandboxing and separation, enabling multiple operating systems to run on the same machine / device, with one operating system host (Android) controlling and watching over all others.

• Two-way isolation (Isolated VM): Android (the host) and the virtual machine (the guest) are completely isolated from each other. Developers who deal with or store sensitive data may benefit from an isolated virtual machine. An isolated virtual machine has a two-way barrier, where neither the host (Android) nor the VM have access to each other, except via explicitly-agreed-upon communication channels. This has 2 main properties:

1. The workload and data inside the VM is inaccessible (confidential) from the host (Android).
2. Even if Android is compromised all the way up to (and including) the host kernel, the isolated VM remains uncompromised.

Benefits of AVF

Isolation

With an isolated VM, developers now have an alternative to Trustzone for use cases that need isolation from Android without escalated privilege.

Portability

Virtual machines and the applications running inside them are far more portable than trusted applets. For example, a Linux-based virtual machine with a Linux-application payload will work on all devices that support AVF. This means that developers can build an application once and deploy it everywhere. VMs also make porting of existing Linux based applications seamless and easy, compared to porting into a Trustzone operating system.

Performance

AVF is designed to be lightweight, efficient and flexible. Virtual machines can:

• be as small as a single C program and as big as an entire operating system depending on the developer’s need;
• be persistent or intermittent;
• grow in memory or shrink depending on the overall system health; and
• honor Android’s scheduler hints and low-memory warnings.

Extensibility

AVF is designed with developers in mind. Virtual machines can be customized to meet specific use-case needs. Developers can deploy any VM payload as long as it conforms to certain boot and communication protocols specified by AVF.

In addition to bringing the power of virtualization to Android and enabling all the possibilities of virtual desktops, sandboxing, AVF’s use of isolated virtual machines can benefit the following common Android use cases (and many more):

• Biometrics: By deploying biometric trusted applets in an isolated virtual machine, developers will have the isolation guarantee, access to more compute power for biometric algorithms, easy updatability regardless of the Trustzone operating system, and a more streamlined deployment.

• DRM: Widevine enables streaming DRM on Android devices. Once deployed in an isolated Virtual Machine, updates to Widevine become much easier across Android devices, regardless of the details of the various Trustzone operating systems being deployed on those devices.

AVF Usage

AVF provides easy APIs to query the device’s ability to create virtual machines and their supported types, and to set up secure communication channels with these virtual machines from applications and services that create them.

For example, to check for the availability of the AVF APIs, and of isolated and regular VM:

VirtualMachineManager manager =
     (VirtualMachineManager)context.
          getSystemService(VirtualMachineManager.class);
if (manager == null) {
    // AVF not supported
} else {
    int capabilities = manager.getCapabilities();
    if ((capabilities & CAPABILITY_PROTECTED_VM) != 0) {
        // protected VM is supported
    }
    if ((capabilities & CAPABILITY_NON_PROTECTED_VM) != 0) {
        // non protected VM is supported
    }
}

Please find additional documentation on AVF and its APIs here.

AVF Components

AVF consists of the framework APIs, the hypervisor, and the Virtual Machine Manager. The hypervisor guarantees virtual machines (including Android) are isolated from each other, much like how the Linux kernel does it for processes. The AVF hypervisor (pKVM), however, does that with a significantly smaller (~50x) code base compared to the Linux kernel.

The Hypervisor (pKVM)

The hypervisor is focused on open source availability, security, device assignment to VMs and security by isolation between virtual machines. It has a small attack surface that meets a higher security assurance level. AVF APIs and features are fully supported by the protected KVM hypervisor (pKVM).

pKVM is built on top of the industry standard Kernel-based Virtual Machine (KVM) in Linux. It means all existing operating systems and workloads that rely on KVM-based virtual machines can work seamlessly on Android devices with pKVM.

Virtual Machine Manager (crosvm)

crosvm, a Rust-based Virtual Machine Manager (VMM), provides the glue between the hypervisor and the AVF framework. It is responsible for creating, managing and destroying virtual machines. In addition, it provides an abstraction layer across multiple hypervisor implementations.

Isolated Virtual Machines

Isolated virtual machines are invisible to Android i.e. any process running in Android cannot inspect, see, tamper with the content of such a virtual machine. This guarantee is provided by the hypervisor.

Virtual Machines

Virtual machines are the same as isolated VMs, except they are accessible to Android processes with the right permissions and privilege.

Microdroid

Microdroid is a trimmed down Android OS package that is created to serve as a template for starting a virtual machine (VM). It provides developers with a familiar environment to build and run their workloads in a VM. Microdroid uses familiar Android tools and libraries, such as Bionic, Binder IPC and keystore support.

Virtualization Service

VirtualizationService manages all guest VMs, isolated or otherwise. It does so, primarily by managing instances of crosvm. It also exposes an AIDL API, which system services or privileged apps can use to start, monitor, and stop VMs.

RpcBinder

RpcBinder is an all-new backend developed for the Android Interface Definition Language (AIDL). RpcBinder enables communication to and from virtual machines using the existing binder wire protocol. This means:

1. Developers can write interfaces to virtual machines using the language and infrastructure they are already familiar with - AIDL.
2. Simply continue using existing AIDL interfaces even if the binder endpoint moves into a virtual machine.

What’s new in Android 14?

Android 14, not only makes AVF available on more devices, it also provides a new toolkit to enable building more with AVF and its components:

Privileged applications can now use VMs for executing their critical workload needing isolation; 

Added tracing capability, improved debuggability and monitoring capabilities to provide insights and assist platform developers in developing inside Isolated VMs; 

With vendor module extensions, our partners can customize Google’s hypervisor (pKVM) to meet their specific need and differentiate themselves; 

With Android 14, a microdroid based VM boots 2 times faster compared to Android 13 while using half the memory.