[codedokode]

Looks like something absolutely overengineered and unnecessary. Why do you need a virtual machine with a separate kernel? Why do you need to protect it from kernel? I guess, it is made mostly for playing DRM content?

[berkes]

A use-case I can imagine is e.g. a password vault, a banking app, or a secure messaging app that you want isolated from everything. Even when running. And where "everything" includes infected apps, an infected host or even physical access.

Not sure if this architecture can handle that, nor of it's the best architecture to solve this problem, though.

[jonathanlydall]

Yes, yes, yes... those are all "legitimate" and likely good uses of this technology, but they're most likely just additional/bonus tertiary use cases to the main use case which motivated Google to expend effort on this feature: DRM.

It's much like how web browsers' incognito/private mode is really useful for web developers and certain kinds of troubleshooting, but those are tertiary uses to the primary consumer use case for which it was originally built: browsing porn without leaving history behind.

[eptcyka]

I'd love to be able to use a Qubes like OS on my phones. There's so much vile garbage I need to run on my phone yet at the same time, I want my phone to have access to my passwords and email. Segregating apps is long overdue.

[anthk]

Not Qubes, mayube something like Unikernels from NetBSD.

[lxgr]

DRM on Android is already ubiquitous and runs in trusted hardware contexts (TEEs). These are also used for Android’s secure key storage.

Normal apps usually don’t have the opportunity to run there, so this levels the playing field somewhat in terms of security.

And unless there is also attestation or binary encryption involved, I doubt this would give app developers any DRM-like capabilities.

[themoonisachees]

It is. I'd like to believe that the android team is removed enough from Google's shenanigans that they aren't doing it specifically for them, but there are a lot of corporate app developers (including Google) who want exactly this feature. This means much higher difficulty hacking in multiplayer games (yes haha mobile games, but they're huge in china for example), increased DRM for Netflix et al., and I'm sure the chrome for Android team is salivating at the prospect of running your browser in a trusted VM. Your bank obviously would also enjoy the added security but in reality the current safeguards work well enough for these purposes. This is about protecting apps from adversarial users, not protecting apps from unwittingly infected users.

[extraduder_ire]

Run an older/newer version of android in the VM, assuming the host is light enough?

Maybe another OS, if someone does the groundwork on that. Or, fully suspend and move running instances across devices, which I think xen can already do.

[helloooooooo]

One prime example is to protect credentials. Windows already uses this in a feature called credential guard.