{
	"id": "ebdd34c7-98e6-49f7-8da1-ccd13782e505",
	"created_at": "2026-04-06T02:12:30.903632Z",
	"updated_at": "2026-04-10T03:20:24.260023Z",
	"deleted_at": null,
	"sha1_hash": "a73727428ae97b2170eebcad752f031665198590",
	"title": "Android Virtualization Framework (AVF) overview",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 95347,
	"plain_text": "Android Virtualization Framework (AVF) overview\r\nArchived: 2026-04-06 02:04:50 UTC\r\nAndroid Virtualization Framework (AVF) overview Stay organized with\r\ncollections Save and categorize content based on your preferences.\r\nOn this page\r\nWhat's next?\r\nAndroid Virtualization Framework (AVF) provides secure and private execution environments for executing code.\r\nAVF is ideal for security-oriented use cases that require stronger, even formally verified, isolation assurances over\r\nthose offered by Android's app sandbox. Android provides a reference implementation of all the components\r\nneeded to implement AVF. AVF is supported only on ARM64 devices. Figure 1 shows the architecture of AVF:\r\nFigure 1. AVF architecture.\r\nHere are the definitions for the most important terms from figure 1:\r\napexd and zipfuse\r\nSecurely mounts APEXes and APKs imported from host.\r\nauthfs\r\nA fuse file system for securely sharing multiple files between Android and pVM (host and guest).\r\nbinder\r\nPrimary means of inter-VM communication.\r\ncrosvm\r\nhttps://source.android.com/docs/core/virtualization\r\nPage 1 of 3\n\nA virtual machine monitor written in rust. crosvm allocates VM memory, creates virtual CPU threads, and\r\nimplements the virtual device's back-ends.\r\nGeneric Kernel Image (GKI)\r\nA boot image certified by Google that contains a GKI kernel built from an Android Common Kernel\r\n(ACK) source tree and is suitable to be flashed to the boot partition of an Android device. For further\r\ninformation, see the Kernel overview.\r\nhypervisor\r\nThe virtualization technology used by AVF, also known as pKVM. The hypervisor maintains the integrity of\r\nthe executed code and confidentiality of the pVM's assets, even if host Android or any of the other pVMs\r\nare compromised.\r\nJava API\r\nThe VirtualizationService Java APIs, which are present only on devices with AVF support. These APIs are\r\noptional and not part of thebootclasspath .\r\nMicrodroid\r\nA Google-provided mini-Android OS that runs in a pVM.\r\nMicrodroid Manager\r\nManages the pVM lifecycle, inside the pVM, and instance disk.\r\nNative API\r\nA subset of the Android Native Developers Kit (NDK).\r\nprotected kernel-based virtual machine (pKVM)\r\nSee Hypervisor.\r\npVM firmware ( pvmfw )\r\nThe first code that runs on a pVM, pvmfw verifies the payload and derives the per-VM secret.\r\nprotected virtual machine (pVM)\r\nA mutually distrusted isolated execution environment (guest) that runs alongside the main Android\r\noperating system (host). One important aspect of pVM security is even if the host is compromised, the host\r\ndoesn't have access to a pVM's memory. pKVM is the standard hypervisor for running pVMs.\r\nCompared to existing trusted execution environments (TEEs), pVMs provide a richer environment,\r\nincluding the ability to run a mini-Android distribution called Microdroid (though Microdroid can also run\r\non an unprotected VM). pVMs can be used dynamically and provide a standard set of APIs in a trusted\r\nenvironment available across all devices that support them.\r\nVirtualizationService\r\nThe Android service that manages the lifecycle of pVMs.\r\nWhat's next?\r\nIf you want to better understand the need for AVF, refer to Why AVF?.\r\nTo read about how AVF can be used for isolated compilation, refer to Use cases.\r\nIf you want a more in-depth explanation of the AVF reference implementation's architecture, refer to AVF\r\narchitecture.\r\nhttps://source.android.com/docs/core/virtualization\r\nPage 2 of 3\n\nIf you want to learn about Microdroid, refer to Microdroid.\r\nIf you are interested in how AVF handles security, refer to Security.\r\nTo understand the role of the virtualization service, refer to VirtualizationService.\r\nFor source code of AVF or in-depth explanation about individual components, refer to AOSP repository\r\nContent and code samples on this page are subject to the licenses described in the Content License. Java and\r\nOpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.\r\nLast updated 2026-03-11 UTC.\r\nSource: https://source.android.com/docs/core/virtualization\r\nhttps://source.android.com/docs/core/virtualization\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://source.android.com/docs/core/virtualization"
	],
	"report_names": [
		"virtualization"
	],
	"threat_actors": [],
	"ts_created_at": 1775441550,
	"ts_updated_at": 1775791224,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a73727428ae97b2170eebcad752f031665198590.pdf",
		"text": "https://archive.orkl.eu/a73727428ae97b2170eebcad752f031665198590.txt",
		"img": "https://archive.orkl.eu/a73727428ae97b2170eebcad752f031665198590.jpg"
	}
}