Well you'd think it's not really necessary to run Android in a VM. The Android x86 project should make it easy to run atop an existing Linux in a container.

Just as an aside: Docker doesn't seem very security-focused, I would not [yet] count on its containers being properly sandboxed. :>

They're pretty sandboxed, but every Android app gets a JVM, no exceptions allowed (even Android's pure C++ API is just a wrapper around JNI calls). And in the case of the old Dalvik VM, it's a terrible JVM.

> They're pretty sandboxed, but every Android app gets a JVM, no exceptions allowed (even Android's pure C++ API is just a wrapper around JNI calls). And in the case of the old Dalvik VM, it's a terrible JVM.

Wasn't Dalvik deprecated & replaced by ART (Andriod Runtime)? ART compiles apps AoT - IIRC; upon installation pre-Marshmallow, and while charging/idle Marshmallow going forward

Yep, hence me specifying the old one. ART cleans up a lot of things: no more 8-16KB main thread stacks, better code gen via AoT, fully precise collection, moving GC. It has some really ingenious features as well, like switching to a compacting GC with better throughput and space efficiency when an app goes in the background and latency is irrelevant. The switch to ART as default was actually in 5.0 (Lollipop).

It's almost enough to make me stop cursing Android developers and their children's children. Unfortunately version updates for non-Google devices are rare and everybody is still stuck supporting the majority of devices that are pre-Lollipop. Also it didn't make the APIs any better >:(