Let’s start by clarifying that Anbox is not an emulator. It’s a system that runs a complete Android environment directly on the current Linux kernel, allowing each app’s interface to be displayed in a separate window with support for 3D acceleration. It’s somewhat similar to Wine, which runs Windows applications without needing to launch Windows in a virtual machine, but without Wine’s glitches and shortcomings.
The two main advantages of Anbox are its speed and seamless desktop integration. Applications run without any intermediary layers or emulation. Most importantly, they operate swiftly. In the second part, we’ll take a closer look at how Anbox works, but for now, let’s install it and explore what it offers.
Installation Steps
Currently, Anbox supports only x86_64 architecture processors and distributions such as Ubuntu 17.04, 16.10, 16.04, 14.04, and also Linux Mint, Neon, and Elementary. Installation can be done via a standalone Snap package or with the anbox-installer script. However, since both methods function similarly and the first is less versatile, we’ll focus on the second option.
Ubuntu
The first step is to download the script itself and grant it execution permissions:
$ wget https://raw.githubusercontent.com/anbox/anbox-installer/master/installer.sh -O anbox-installer
$ chmod +x anbox-installer
Next, execute the script:
$ sudo ./anbox-installer
The script will prompt you to type “I AGREE” in the terminal, after which it will install Anbox on your system and suggest rebooting your machine. Once rebooted, Anbox will appear in the menu.
Arch Linux
Anbox can be run not only on officially supported distributions but also on other Linux systems by building it from source. This is easiest in Arch Linux since Anbox is already available in the AUR, allowing the entire build process to be automated.
Let’s install a couple of necessary packages for building:
$ sudo pacman -S linux-headers dkms
Next, we’ll build Anbox from the AUR. It’s best to do this using an AUR helper like pacaur or yaourt.
$ yaourt -S anbox-image anbox-modules-dkms-git anbox-git
Next, let’s load the necessary kernel modules:
$ sudo modprobe binder_linux
$ sudo modprobe ashmem_linux
Let’s start the container manager:
$ sudo systemctl start anbox-container-manager.service
Let’s start the session manager:
$ anbox session-manager --gles-driver=host &
Done. You can click the Anbox icon on your desktop or take the advanced route and launch it directly from the terminal:
$ anbox launch --package=org.anbox.appmgr --component=org.anbox.appmgr.AppViewActivity
Getting Started
As soon as you start up, you’ll see a basic “app manager” on the screen, designed specifically for Anbox. The selection of apps is very minimal, just the standard gallery, calendar, settings, and a few others, but there’s no app store. So the first question you’ll probably have is: how do I install apps, buddy?
Here’s where things get interesting. Anbox developers are not permitted to include the Google Play Store or any other Google software, such as Google services, in their non-emulator package until their “device” is certified. The catch is that the device cannot obtain certification, so the Play Store won’t be available.
However, in Anbox, the debugging mode using ADB is enabled by default (which in standard Android is accessible through developer settings, and you have to navigate to it first), so you can use it to install applications. Here’s how you can install ADB itself:
$ sudo apt-get install android-sdk-platform-tools // Ubuntu
$ sudo pacman -S android-tools // Arch Linux
Now for the most exciting part: you need to find and download the APK file for the desired app. You can use the apkpure website for this. After that, you just need to run a simple command (for example, FX File Explorer):
$ adb install ~/Downloads/File Explorer_v5.1.1.0_apkpure.com.apk
All set! Go ahead and install apps, have fun, see you later. Just kidding, there are actually many pitfalls. For instance, right after installing Anbox, I decided to test how Opera Mini works in it – you know, the browser known for its fast page loading, even if your internet connection is as slow as carrier pigeon mail. After all, there’s no desktop version of it.
As a result, the following appeared on the screen:
$ adb install ~/Downloads/Opera Mini fast web browser_v24.0.2254.115689_apkpure.com.apk
Failed to install /home/j1m/Downloads/Opera Mini fast web browser_v24.0.2254.115689_apkpure.com.apk: Failure [INSTALL_FAILED_NO_MATCHING_ABIS: Failed to extract native libraries, res=-113]
The explanation is straightforward: most of the Opera Mini code is written in C++, which is compiled into a binary for the ARM platform. Since our machine uses the x86_64 architecture, Android conveniently blocks the app during installation, saving us the trouble of figuring out why it wouldn’t work.
The marketplace is actually full of similar applications, and you’ll encounter architectural incompatibilities quite frequently.
The second interesting aspect of launching applications in separate desktop windows is that not every app is prepared to be forcefully resized. Most modern applications handle this well—Google took care of it while preparing for the implementation of floating windows in Android 7.0. However, older software might pose some challenges, although it usually ends up with a fixed-size window.
And thirdly, Anbox, to put it in Shakespeare’s terms, is alpha software. In other words, what they’re telling us is: expect things to be rough and unstable. Forget about features like location support, camera, and microphone. Moreover, in some cases, you might even have to do without the internet, and the session manager will occasionally crash, requiring a restart.
Additionally, Anbox accurately identifies the current battery level, available RAM, and even the hard drive size (specifically, the / partition). Overall, it runs smoothly and doesn’t provoke any desire to uninstall it. The amount of RAM it uses is just 448 MB with the application manager running.
Pioneer’s FAQ
How to Navigate with the Back Button and Scroll Through Pages
The “Back” button function is emulated using the Esc key. You can also use the keyboard to navigate the application with the Tab key and arrow keys. Scrolling can be done with the mouse wheel or by holding the left mouse button and moving the mouse up or down.
Can Anbox be Used to Run Projects in Android Studio?
Yes! In fact, you don’t need to take any additional steps. Just select the device named emulator-6663 when starting the project.
Is it possible to access the filesystem of a running Android on Linux?
Yes, it’s located in the /var/lib/anbox/rootfs directory, but it’s read-only. However, you can view the contents of the apps’ private directories (data/data).
Is It Possible to Install an App Store?
There is a theoretical possibility to install the Google Play Store, but it involves unpacking the Android file system image and integrating GApps. However, it’s much easier to install a third-party app store like Yandex.Store or any other similar market. Additionally, you need to enable the installation of apps from unknown sources: go to Settings → Security → Unknown sources.
How to Extract an Android Anbox Image?
Very simple:
$ sudo apt-get install squashfs-tools // Ubuntu
$ sudo pacman -S squashfs-tools // Arch Linux
$ unsquashfs -f -d /destination_directory /var/lib/anbox/android.img
Is it possible to use another Android image, like CyanogenMod?
No, there are two reasons why this can’t be done. First, there needs to be an Android build specifically for x86_64. Second, this build must include certain Anbox-specific modifications.
How Anbox Differs from Shashlik
Shashlik runs each application within an emulator. In other words, when you click on an app icon, an emulator starts up, which then loads a stripped-down Android environment, and only after that does the app itself launch. Anbox, on the other hand, is much more lightweight and efficient.
How It Works
The core idea behind Anbox is quite straightforward: if Android is essentially a virtual machine that runs on top of a Linux kernel, why not try running Android applications within a regular Linux distribution? This intuitive concept has occurred to many developers ever since Android was ported to x86 architecture. Some programmers have attempted to achieve this by placing an Android environment in a chroot, but mostly this led to semi-functional prototypes without full realization (for example, ARC Welder).
It took the developers of Anbox a year and a half to complete the project. They managed to integrate Android applications into the Linux desktop, ensuring almost full compatibility. Most importantly, they made it run smoothly, without crashes, and without requiring complex setup steps.
The Android environment (based on the latest Android 7.1.1, by the way) is sandboxed here, controlled using namespace technology—the same concept that underpins Docker. Namespaces completely isolate the environment from the Linux distribution, and all hardware interactions are handled through the anboxd daemon. A special translator is used to render 3D applications, converting OpenGL ES to OpenGL, borrowed from the official Android emulator.
The Linux kernel also needed modifications, specifically to add modules that implement binder and ashmem into the Anbox package. These modules are crucial in Android for inter-process communication (IPC) between system components. Before starting Anbox, these modules are loaded into the kernel, and a udev rule is added to set the correct permissions for the / and / devices.
Each application is displayed in its own window within Anbox, using a modified compositor manager called hwcomposer, which Android relies on for overlaying graphic layers. Hwcomposer collects all the layers from each application and passes them to Anbox, which then creates individual windows for each application.
All these technical solutions make Anbox a truly fast, user-friendly, and resource-efficient “emulator,” particularly for 3D applications.
Anbox consists of two components: a container manager and a session manager.
The container manager handles sandboxes running Android environments. Its job is to properly start the Android system, maintain its operation, and ensure it shuts down correctly.
The session manager is responsible for managing communications between Android within the sandbox and the main Linux system. Its role includes handling application launch requests and distributing them across different windows.
Overall, launching an Android app using Anbox works like this:
- The binder and ashmem modules are loaded into the kernel.
- The container manager starts up, setting up a sandbox with Android inside.
- The session manager initializes, launching the Android environment.
- The user issues a command to start an application, which is received and processed by the session manager.
- The session manager waits for commands.
Steps 1-3 prepare Anbox and are executed once, typically during system startup.
This architecture enables applications to launch almost instantaneously, thanks to a minimal memory overhead in idle mode—roughly 400 MB.
Conclusions
Without a doubt, Anbox is worth paying attention to. Yes, there are compatibility issues: it doesn’t work with your camera and microphone, and it crashes occasionally. However, as an alpha version, it performs remarkably well.
2022.06.01 — F#ck AMSI! How to bypass Antimalware Scan Interface and infect Windows
Is the phrase "This script contains malicious content and has been blocked by your antivirus software" familiar to you? It's generated by Antimalware Scan Interface…
Full article →
2022.04.04 — Fastest shot. Optimizing Blind SQL injection
Being employed with BI.ZONE, I have to exploit Blind SQL injection vulnerabilities on a regular basis. In fact, I encounter Blind-based cases even more frequently…
Full article →
2022.02.16 — Timeline of everything. Collecting system events with Plaso
As you are likely aware, forensic analysis tools quickly become obsolete, while hackers continuously invent new techniques enabling them to cover tracks! As…
Full article →
2023.04.19 — Kung fu enumeration. Data collection in attacked systems
In penetration testing, there's a world of difference between reconnaissance (recon) and data collection (enum). Recon involves passive actions; while enum, active ones. During recon,…
Full article →
2022.06.02 — Climb the heap! Exploiting heap allocation problems
Some vulnerabilities originate from errors in the management of memory allocated on a heap. Exploitation of such weak spots is more complicated compared to 'regular' stack overflow; so,…
Full article →
2022.06.02 — Blindfold game. Manage your Android smartphone via ABD
One day I encountered a technical issue: I had to put a phone connected to a single-board Raspberry Pi computer into the USB-tethering mode on boot. To do this,…
Full article →
2023.01.22 — Top 5 Ways to Use a VPN for Enhanced Online Privacy and Security
This is an external third-party advertising publication. In this period when technology is at its highest level, the importance of privacy and security has grown like never…
Full article →
2023.04.04 — Serpent pyramid. Run malware from the EDR blind spots!
In this article, I'll show how to modify a standalone Python interpreter so that you can load malicious dependencies directly into memory using the Pyramid…
Full article →
2022.02.15 — First contact: How hackers steal money from bank cards
Network fraudsters and carders continuously invent new ways to steal money from cardholders and card accounts. This article discusses techniques used by criminals to bypass security…
Full article →
2022.01.11 — Persistence cheatsheet. How to establish persistence on the target host and detect a compromise of your own system
Once you have got a shell on the target host, the first thing you have to do is make your presence in the system 'persistent'. In many real-life situations,…
Full article →