Integrate Anbox into Whonix-Workstation

There’s always decompiling, changing the behavior and compiling back

So, finally, I’m going to combine using Anbox inside Whonix-Workstation and Android x86 Workstation.

Android x86 provides some extra features that Anbox does not provide. In general, advantages and disadvantages of Anbox and Android x86 Workstation are the following.

Anbox. Advantages:

  • No emulation needed, run Android apps in a native Whonix Workstation environment
  • Android apps run faster
  • You can use adb easily to install/remove apps and to push/pull files from/to Anbox environment

Disadvantages:

  • Anbox doesn’t provide virtual Wi-Fi (wlan) interface so some apps won’t see the Internet connection.
  • Anbox doesn’t have any type of bootloader and ramdisk so you won’t be able to install Magisk or some kind of recovery which is probably needed to do some operations like hide root from apps (Magisk Hide) and so on

These two disadvantages are very critical.

So, Android x86 Workstation advantages are the following:

  • Full Android stack implemented as Android x86 is a full OS which requires hardware virtualization (not as Anbox)
  • Android x86 provides virtual Wi-Fi interface (wlan0) so apps think that a real Wi-Fi connection is established (Anbox uses bridge network interface)
  • You can install any version of Android from 4.x to 9.x (Anbox provides only Nougat)
  • You CAN use Magisk to achieve root permissions and hide root from apps on Android x86 as some geeks succeeded to install it on Android x86 !!!

Disadvantages:

  • Less secure (maybe) as you don’t work with Whonix-Workstation (but I could solve 7-year issue with static IP connection on Android x86 Workstation)
  • Slower speed as Android x86 doesn’t provide any type of Guest Additions so no graphic card drivers are supported
  • You cannot use adb because no connection between Whonix Workstation and Android x86 established (but maybe you can run ssh-server on Whonix-Workstation and connect your Android x86 through Termux or something like that)

2 Likes

Great work @helpmeplzz. Consider pasting this info on our wiki (don’t worry about formatting for now) as it can help others.

1 Like

Unfortunately, I don’t have a lot of free time, but I can try to add it to the wiki. How can I do that? Do I need any permissions to add info to the wiki?

So, now I have new research results working with Android x86 Workstation. I found out that you CAN establish an adb connection with Android x86 the same way as you can do it with Anbox. You should start Whonix-Workstation and type
adb connect 10.152.152.11
(assuming 10.152.152.11 is the IP address of Android x86 Workstation) in order to connect Android x86 with the Whonix-Workstation machine. Then, you can type
adb shell
and so on to start debugging.

The biggest problem with Android x86 right now is passing SafetyNet by Google. As you may know, Android consists of two parts:

  1. The Android system itself (Android Open Source Project)
  2. Proprietary software called Google Play Services

Generally, there are two scenarios of working with Android system:

  1. Executing only free software from F-Droid store or building it from sources (recommended)
  2. Executing non-free software (apps from Google Play Store) something like WhatsApp, Viber, Tinder and so on

If you are going to run only free apps, then you don’t need Google Play Services at all as all apps from F-Droid are built without need of Google Play Services. But if you need to run proprietary apps, it can be a problem for you as some of them use Google Play Services mechanisms.

Generally, Google Play Services consists of two important parts:

  1. GCM (Google Cloud Messages)
  2. SafetyNet

GCM is used by 70-80% of proprietary apps from Google Play Store as these apps use a proprietary mechanism of delivering Push Notifications from Google servers. It is not hard to enable GCM support both for Android x86 and Anbox. Android x86 comes with built-in Google Play Services so GCM is enabled by default. With Anbox, you can install either proprietary Google Play Services (OpenGAPPS) or an open-source implementation of Google Play Services called Micro-G.

But SafetyNet is a nightmare. It is the mechanism which verifies the integrity of the device. If a device is not certified by Google, then you cannot run the app with Android x86 or Anbox as they are not certified (and never will be) by Google. I cannot find any way to pass SafetyNet either on Android x86 or on Anbox. SafetyNet is used by 30-50% of Google Play Store apps. A lot of banking apps, social network apps such as Tinder and other apps such as Pokemon Go use the SafetyNet mechanism.

Generally, there are two Google Play Services implementations:

  1. Proprietary Google Play Services
  2. Open-source Micro-G

The open-source one is better as it takes only 50 MiB of memory (the proprietary one needs 500 MiB) and Micro-G allows the user to control which apps can be used with GCM. Moreover, Micro-G allows the user to manually register/unregister the device in the Google Cloud Messages system. But Micro-G doesn’t have a working SafetyNet implementation as it has been broken by Google in 2019. So, Google is our main enemy for now :rage:

So, I think, this info should be added to Wiki.
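
The adb connection described in the post above, as an added example that is not part of the original post: a shell script that connects to the address from the post and checks the state reported by `adb devices` before any `adb shell` session is started. The function names, the `--run` switch and the sample output are constructed for illustration; port 5555 is adb's default TCP port.

```sh
#!/bin/sh
# Added example (not from the thread): verify an adb-over-TCP target before use.
# TARGET defaults to the address given in the post plus adb's default port.
TARGET="${TARGET:-10.152.152.11:5555}"

# Read `adb devices` output on stdin and print the state recorded for one
# serial (device, unauthorized, offline, ...) or "absent" if it is not listed.
adb_state() {
    awk -v serial="$1" '
        $1 == serial { print $2; found = 1; exit }
        END { if (!found) print "absent" }
    '
}

# Connect, then continue only if the target is listed as fully authorized.
check_target() {
    adb connect "$TARGET" >/dev/null 2>&1
    state="$(adb devices | adb_state "$TARGET")"
    case "$state" in
        device)
            echo "ok: $TARGET is connected and authorized" ;;
        unauthorized)
            # The Android side has not accepted this workstation's adb key.
            echo "stop: $TARGET has not authorized this host's adb key"
            return 1 ;;
        *)
            echo "stop: $TARGET is $state"
            return 1 ;;
    esac
}

# Constructed sample of `adb devices` output for exercising the parser offline.
SAMPLE="$(printf 'List of devices attached\n10.152.152.11:5555\tdevice\n192.0.2.7:5555\tunauthorized\n')"

# Talk to a real adb server only when asked to: ./check-adb.sh --run
if [ "${1:-}" = "--run" ]; then
    check_target && adb -s "$TARGET" shell getprop ro.build.version.release
fi
```

Run `adb disconnect 10.152.152.11:5555` when the session is finished so the workstation does not keep the debugging link open.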

I am writing about Android on Whonix Wiki right now. Please accept my changes. I also suggest uniting the articles about Anbox
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Anbox
and
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Other_Operating_Systems#Whonix_.E2.84.A2-Android-Workstation

into one Android wiki page in Whonix Wiki. Thank you!

2 Likes

Therefore closing.