Android development under QubesOS

[York Keyser]

Hi group,

I want to develop an Android application and have a special VM for that
and also I have a sis-USB VM. So now there is my problem, how can I
forward the phone over USB to my developer VM. So I am able to debug on
the device.

Somebody in the group who have already solved this kind of problem?

Thanks for every hint you give me
Regards York

[Alex]

You can do this (I do this) simply using qvm-usb in dom0, e.g.:

$ qvm-usb -a android-dev usbvm:2-3

Note that some Android phones reset their USB part when disconnected
from dom0/usbvm, so they never show up in the AppVM.
I've had luck with Alcatel Pixi 3 and Wiko Jerry, but there's no way of
forwarding an Asus Zenfone 4 - it just resets itself and returns to usbvm.

--
Alex

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You can try with ADB over TCP. I have no idea whether the connection is
encrypted or not...

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYAoGAAAoJENuP0xzK19csjo8H/2urxiVjpm8C23E5ORblhP14
E+bcLY2vzzRHi85Z0/rGZ/RQKqKCoNySeU/WjrWWNjjGPk0mLnJ+LByP58ieIhju
AlplUUCErgWkhFiZK67IbIn5SwfTQs9Sv98cKALovAz8QAbb5ASNKbup45tYJTWG
1/H/OAfcw+fyqJ32E+5OkqGr19lBtF1ZEvz95v15UkahrhaRDAGZBjvgP9mibG5r
rJKy+V2o1419j7BWIAUPyG8O95Z+phQ9lLnJcWzND/Lkd71pdumM7pCg9roEdqao
dN36pNqWrix+/+xrX1oXYPpPhCGpYaDAdEV12Wuea3TJ9VSO9oPiuxexbzTI0Fc=
=eAs6
-----END PGP SIGNATURE-----

[Vít Šesták]

The security of ADB over USB is rather a mystery. Since some Android version (Jelly Bean?), Android needs confirmation of fingerprint of the host when connecting over USB (!). Sure, even authentication of USB host has some merit, which I am not going to discuss right now. However, when enabling network ADB, it always used to warn that it is not secure. I've never dared to enable it. Maybe it was some leftover warning. Maybe it just authenticates without encryption, which might be OK for some limited purposes. Maybe the authentication is missing or insufficient when using network ADB. (For example, authenticating just initial handshake packets might be reasonable for some USB threat model, but it can be hardly reasonable for network threat model.) Unless you find some details that I was unable to find few years ago, I can hardly consider it as secure.

Moreover, this option seems to be missing on Android 6.0.1 on BlackBerry PRIV. Maybe it is removed by Google, maybe it is just disabled by BlackBerry.

Rather than ensuring that network ADB is secure enough, it seems to be much simpler to use USB. If the phone resets USB when moved from one VM to another one, there is a workaround od running ADB in the USBVM. This is surely suboptimal for security (risks of compromising USBVM) and convenience, but it works.

[Torsten Grote]

On 10/15/2016 03:38 PM, Alex wrote:
> I've had luck with Alcatel Pixi 3 and Wiko Jerry, but there's no way of
> forwarding an Asus Zenfone 4 - it just resets itself and returns to usbvm.

Check this issue that describes the problem and some workarounds:

https://github.com/QubesOS/qubes-issues/issues/2202

On a related note: I'd still be grateful for any hints for how to get
the Android Emulator working under qubes.

Kind Regards,
Torsten

[Vít Šesták]

Well, you can select ARM in the emulator. While it reduces performance (you need to actually emulate the instructions), it works.

I've also tried installing Android in a HVM, it worked somehow, but it was not very usable. Most notably, there was a problem with mapping touches to mouse. (Well, Qubes AFAIK provides an emulated tablet there.) I don't know which build it was and you might be more lucky.