During the last few years, for more and more people, the line between a proper laptop computer and a mobile device, like a smartphone or a tablet, has been getting increasingly blurrier.

For example, we can see this in the web browser market share: as StatCounter reports, as of today, 62.23% of the web market share extracted from browser statistics comes from mobile phones, with only the remainder of that coming from desktops and tablets.

For more and more people, laptops are beginning to be either a thing of the past or something they only use in their office jobs. Mobile manufacturers did not miss this, and several of them have already been playing around with neat software tricks to let their phones behave as complete desktop replacements for users. An example is Samsung's DeX interface, which allows a Samsung tablet, or a Samsung Galaxy smartphone hooked up to an external monitor, keyboard, and mouse, to be usable in a similar manner as a laptop or mini PC would be, with a taskbar that is reminiscent of something we would see on KDE Plasma and free-floating windows for applications that can be freely rearranged. Eventually, this pushed even Google to work on a similar “desktop mode” on stock Android.

However, between things like the Samsung DeX interface, phones shipping with increasingly larger displays, and more and more neat UX tricks to make tasks that are traditionally carried out on a desktop more pleasant on a smartphone, all of these solutions have one fundamental problem: at the end of the day, they are still nifty tricks to run mobile applications in a non-mobile environment, but they cannot run real desktop applications. The consequence of this is that it has become increasingly unclear whom these tricks are for: something like Samsung DeX is only practical for basic users, who only need to use regular mobile applications; while also being advanced enough to want to run their phones like desktop computers, or buying something like a "lapdock", a laptop chassis that needs a mobile device to run instead of being able to work independently.

As you would expect, the people who turned out to be most interested in this innovation are advanced users, like developers, sysadmins, and tinkerers. For the longest time, those people have had very little use for such solutions due to the lack of power they entail.

Tinkerers strike back

As we all know, the Linux community is deeply committed to the noble goal of running Linux anywhere they can. It should not come as a surprise that, over the years, there have been successful efforts to get various kinds of Linux environments running on mobile phones — from elementary userland environments to complete GNU/Linux distributions.

Running full Linux on a phone

Let's start from the latter. Everybody's dream is to be able to run a complete Linux distribution on their phones. If this looks like a stretch, or something completely unattainable, consider this: Android, the operating system that powers the vast majority of mobile phones on the market, is powered by a modified version of the Linux kernel.

From Android's documentation, we know that the Android kernel is based on an LTS version of the Linux kernel as upstream, which is then augmented with a set of Android-specific patches called ACKs. In more modern versions of Android, those patches are distributed as “GKI kernels”, which stand for “Generic Kernel Image”. This architecture allows Google to distribute a standard, generic Android kernel, allowing device manufacturers to bundle proprietary drivers as kernel extensions. Perhaps this is not quite the same pure Linux you are running on your laptop — save for some GPU or network card drivers, which are distributed as external programs, even on desktop PCs — but the potential is there.

It should be noted that the Android kernel used to diverge from the Linux kernel much more. During the latest years, Google has been embracing upstream Linux more and more in its development philosophy, greatly reducing the distance from upstream. Over time, the effort has been, more and more, to separate the Linux kernel from Android's extensions, distributing them as separate modules, typically distributed through the Play Store, independently of the kernel. More specifically, this change was introduced in Android 14 as Project Mainline. This is the way to go now: back in the early days of Android there were some very good reasons to diverge greatly from upstream Linux — for example, concerns related to power efficiency — but, nowadays, that divergence has proven to cause more problems than it solves.

Manufacturers soon embraced this change, due to the several benefits from decoupling Android-specific patch sets and proprietary OEM customization from the monolith. Various manufacturers, like Google and Sony, also opened up the mainline kernel ecosystem for their phones, allowing people to develop, install, and distribute their alternate operating systems on their phones.

As the distance between the Android and Linux kernels has been shrinking for a few years, new opportunities came about. For example, the amount of devices where it is likely going to be possible to run pure, mainline Linux in the not-so-far future has grown.

The biggest testament that we have to that is postmarketOS, a Linux distribution that targets various mobile ARM devices like smartphones, tablets, and Chromebooks and allows users to have a complete Linux experience on them. Of course, the distribution also offers the mobile versions of the KDE and GNOME desktop environments (and more), which are coming along quite nicely.

Sadly, however, while the postmarketOS project is nothing short of fascinating, adopting it as a daily driver in your everyday life is going to be a challenge. The first limitation you will encounter, just to begin, is the fact that it's statistically very unlikely that your smartphone is supported: only a bunch of phones are supported, and some of them are pretty old or obscure!

The second and final limitation you will encounter with this approach is the fact that completely forgoing Android for a pure Linux distribution on your phone, as cool as it is, implies several sacrifices. Indeed, while Android mostly shares the same kernel as regular Linux distributions right now, it certainly does not share the same userspace. This means that the Android applications you are used to will not be immediately supported by a Linux distribution, on which you will need to pivot to native Linux applications for the best experience. And, while there is absolutely a promising and rapidly growing ecosystem of mobile Linux applications that you can peruse, most people will still likely be unable to make do without a lot of specific applications that require Android to run. Think of banking applications, full-fledged maps and navigation apps, or digital identity apps to access government services, just for a start.

For now, the only realistic option to run Android applications on Linux desktops is to use one of the various compatibility layers, like Waydroid, a piece of software that allows you to run the Android userspace in a container. These multiple solutions are, however, under heavy development, and they are not ready for prime time yet, for most use cases.

Linux smartphones are the future, but they are not viable for most users right now. Instead, what if we tried running Linux applications on Android for the time being, allowing us to keep using our existing applications and run native Linux programs as well? Well — enter the exciting world of compatibility layers.

Running a Linux userspace on Android

Back in 2015, the Termux project saw its initial release. Termux is a terminal emulator that bundles an entire Linux-like userspace, and it was revolutionary because it finally allowed users to easily run a lot of native Linux and UNIX tools on their phones.

Opening up Termux for the first time feels like a breath of fresh air: it truly, finally, feels like home. You are greeted by your beloved bash shell, and you can use the pkg command (which uses the apt package manager under the hood) to install several packages. Up to now, my main use case for Termux has been the ability to install OpenSSH on it and log into my Fedora Server to perform quick maintenance on it from wherever. I have spun up containers, initiated software upgrades, and more, from crazy places, just because I could. It is, of course, more powerful than that, as it supports running text editors like neovim, as well as compilers and interpreters like clang, and python. There is a plethora of packages available, and there is a nice surrounding ecosystem. It's not quite my workhorse Ghostty setup on my laptop, but it gets me by in a pinch.

Termux was a pivotal evolution to the Android ecosystem, and this application alone pulled its weight as the primary reason why I have stuck with Android phones exclusively over the past ten years — it is that good. Sadly, however, it does suffer from some intrinsic limitations that are pretty much impossible or very hard to fix. It is not a virtual machine, it is merely a containerized userland running in a highly sandboxed environment that is explicitly designed to be impossible to break out of. Anything that relies on something like root access, kernel components like namespaces or cgroups such as Podman, or any sort of hardware-accelerated GPU interaction is simply impossible, heavily limiting what you can do with it. This makes Termux a handy tool for sure, but never a true replacement for a Linux machine, even for simple tasks.

This is the situation we were stuck in until, in a very unexpected move, Google released a beta build of Android with nothing short of a full-fledged Linux terminal baked in.

Official Linux Terminal support on Android!

In a pretty unpredictable move, circa towards the end of 2024, Google announced they wanted to integrate a native Linux terminal in Android phones. In the latest Android 15 feature drop on Pixel phones, the Linux Terminal is finally here, in all its glory, as an experimental feature.

Differently from the Termux approach, this native Android terminal does not just run a GNU userspace on top of Android — rather, it runs a full-fledged Linux virtual machine based on the Debian distribution.

This solves the main problems we had with Termux. Since this is a full Linux VM, we now get access to every Linux program under the sun, including immediate access to the very vast Debian repos. What's more, we also get support for GPU acceleration, which not only allows us to run console applications on the CLI but also run desktop environments and Linux desktop applications without a problem. Debian is also an excellent choice for something like this: it supports almost every architecture under the sun, it has very vast repos, on top of every Stable release being supported for a very long time, even by third-party vendors, due to being an industry standard.

So far, there is only one serious drawback by design: unlike Termux, the Linux terminal is not able to access the full smartphone storage, but only the Downloads folder, likely for security reasons. While it is still entirely possible to create a “Linux” folder within the /sdcard/Downloads to exchange files between the host Android system and the guest Linux VM, being limited to just a shared directory puts some serious limits on what you can do with the virtual machine. Here is to hoping Google will eventually change their mind on this one, and allow the user to manually allow further permissions to the VM.

How does the Android VM work?

Still, let's not let that ruin the party, and let's see in further detail how this all works.

This Android VM relies on a feature called AVF, which stands for Android Virtualization Framework. The AVF is meant to provide secure execution environments to safely run code in virtualized environments, providing even stronger isolation than the one provided by the usual sandbox Android apps run within. This can be very appealing for use cases where security is critical, such as mobile devices used within a state government, or corporate devices holding confidential and proprietary data.

The entire architecture of the AVF is based on pKVM hypervisor. The name “pKVM” stands for “Protected KVM”. As the name implies, this hypervisor is based on a similar idea as the Linux Kernel-Based Virtual Machine (KVM), but it has a strong architectural focus on privacy and security. The main point of pKVM is that it must maintain the integrity of the executed code and everything inside the virtual machine secure and confidential, even if the host Android system, or another virtual machine, is compromised. As an added functional requirement, pKVM must also be fast to start up, while also undergoing a pretty strict boot process to ensure the best security practices available are followed.

As opposed to regular KVM, pKVM is a lot more atomic. The hypervisor and the kernel go from being two separate entities to being in the same image, and the entire monolith gets updated in an atomic way — so, the update process either completely succeeds, or it gets completely reverted, but it never gets stuck into a weird, inconsistent state.

The architecture of this virtualization infrastructure not only is incredibly cool, but it should make you rest easy: your data is not going anywhere, and, since the Linux environment is so well-isolated, there is no risk of breaking anything by enabling it. The host Android and the guest Linux system will stay two very separate domains, to the point where what you do in the Linux VM will not be accessible by the Android OS itself!

Networking in the Linux VM

Medium author Cedric Ferry has demonstrated that the virtual machine's networking implementation is pretty good. Interacting with iptables to manage ports from the Debian side of things works — the Terminal application will just ask you to accept or deny the change, to make sure you know what you are doing and to minimize the damage that would occur by running a rogue script that is trying to poke holes in your firewall configuration.

After a port is open, it is shared between the VM and the host system: it is then possible to spawn a web server on that port from the VM, and access it from a browser on the host. Hooray! This makes web development tasks finally possible on an Android device, on top of allowing us to run client-server applications locally on our phones, as well.

Those of you with a Pixel phone upgraded to the latest software build can now begin giving this feature a shot following the steps outlined in this clip.

Overall, while in its early stages, this feature is seriously cool, and it opens up new possibilities for what you can do with an Android device. Who knows: maybe, if it gets developed further, more and more people will truly be able to get away with using their Android phone with a docking station as their only computer if their use case does not require them to run tasks that are not too taxing on the hardware. Regardless of that outcome, though, this marks a new direction for Android, which has suddenly become much more powerful.