Island (sandbox) for Android

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
DISCLAIMER
This beta version may be dangerous on some Android devices, it may cause boot-loop and even brick your device. The purpose of closed beta exclusive for advanced users is to widely test and improve the device compatibility. Don’t install it on your daily device and remember to BACKUP FIRST.



What is “Island”
“Island” is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc) even if related permissions are granted. Device-bound data (SMS, IMEI and etc) is still accessible.

Isolated app can be frozen on demand, with launcher icon vanish and its background behaviors completely blocked.

How does it work
Island takes advantage of the “managed profile” feature on Android 5.0+, which is also the base of “Android for Work”, to create an isolated sandbox for apps with their data.

App needs to be cloned in Island first. Afterwards, the clone can run parallel aside from the original one. (even with different accounts signed-in) It can be frozen on demand by Island. (NO ROOT REQUIRED)

If Greenify is also installed, apps can be frozen automatically by “Auto-freeze with Greenify” action (in the overflow menu), just like normal app hibernation in Greenify.

Common use cases
  • Freeze frequently woken apps. Clone it into Island and uninstall the original one outside. Then you can freeze it to fully block its background behaviors. Remember to create launch shortcut for quick de-freezing and launching.
  • Prevent permission-hungry apps from accessing your private data. Sometimes runtime-permission may not be the solution, especially if the app refuses to work without certain permissions. App clones running in Island cannot access your contacts, call logs and sniff other apps outside. But SMS and location are exceptions since they are bound to device.
  • Use two accounts of the same app parallel. Clone it into Island and login the other account inside.
  • Archive rarely used apps. Like the first case, keep them frozen until the next time you need it.
  • Hide your private apps.
Manual setup
On most middle to high end Android devices released after 2016, Island can be setup straightforward without hassle. But still on some devices, you may got “incompatible with your device” message on Google Play Store, or be notified during the setup with error message “Sorry, your device (or ROM) is incompatible with Island”. In both cases, Island could still work on your device if setup manually.

If you are prompted to encrypt your device first during the setup and you don’t want device decription (which may significantly degrade overall I/O performance on low-end devices), this prerequisite could also be skipped if setup manually.

Please refer to Manual setup for prerequisites and detailed steps.

God mode
In normal mode, Island only takes care of apps inside the Island space. The “God mode” is an advanced mode, in which Island takes control of ALL apps, both inside and outside Island space. For example, you can freeze any app without cloning it first. At present it is only recommended for advanced users.

The limitations in “God mode”:

  • If any corporation Google account is logged-in on the device, Google Play Store will operate in “Work Mode” which may block the installation of paid apps.
  • On Android version prior to 7.1, app backup (e.g. Cloud backup for app data with Google Drive) will stop working. (Android 7.1+ is not affected)
God mode could only be setup manually at present.

Discussion and feedback
XDA thread

More usage info here

How To Sandbox Android Apps For Ultimate Data Privacy
 
Last edited:

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
Do you prefer this or Shelter? I've been using Shelter since it's open-source and I prefer the UI a little better.
https://play.google.com/store/apps/details?id=net.typeblog.shelter

Word of caution, make sure your phone supports Work profile and know that when you remove permissions for Island/Shelter you have to start all over again.
Frankly, I haven't use either. Just highlighting the app for users. Later I might give a try (Island or Shelter) once I learn more of it.

Thanks for the head up.
 

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
OK a review of Island here and talks of limitations (also applicable to Shelter)


I was trying Island and Shelter recently. Apparently, both are not so compatible on my Huawei Mate 20X with its EMUI interface. They work nicely on my Samsung Fold though. I still prefer Shelter as Island comes with Google trackers

Quote from the above review

For example, you can’t use it protect your location from an app (better stick with spoofing your location). Additionally, it also can’t protect hardware bound information like IMEI number, Device ID, or MAC address.

Unquote

Note that the system dedicated VPN cannot get through the sandbox.

If you check using ipleak.net inside the sandbox it'll expose your IP address. The only way to spoof the IP address is to run a VPN inside the sandbox. Note also you cannot run two VPNs inside a sandbox similar to that on the android device. As for hardware info like Device ID, MAC Address etc I believe they can be changed with an app.

Alternatively, for protecting hardware bound info a better choice would be to run VMOS (Virtual Machine for android). See below link. I installed VMOS inside a sandbox but I can't get it started. The sandbox also cannot see BlackFog Privacy.......

 
Last edited:
F

ForgottenSeer 85179

For example, you can’t use it protect your location from an app
That's wrong. You can config GPS permission per app, also just turn GPS permission off fix it too.

Spoofing it doesn't work and this app also doesn't work with current Android (10). At least on my Pixel 3a with Android 10 this "Allow Mock Locations" doesn't exist in developer options.

Additionally, it also can’t protect hardware bound information like IMEI number, Device ID, or MAC address.
Apps cannot access the MAC address, serial number, IMEI or other device identifiers on the current stable release of Android. Read:


Unfortunately, VMOS is still running on Android 5.1.1 and not Android 9/10
So this isn't a option on up2date, secure devices
 

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
That's wrong. You can config GPS permission per app, also just turn GPS permission off fix it too.


Spoofing it doesn't work and this app also doesn't work with current Android (10). At least on my Pixel 3a with Android 10 this "Allow Mock Locations" doesn't exist in developer options.


Apps cannot access the MAC address, serial number, IMEI or other device identifiers on the current stable release of Android. Read:



So this isn't a option on up2date, secure devices

OK, my error here. I thought spoofing the location was about my IP address. I just checked my HW Mate 20X (Android 10) and Samsung Fold (Android 9) and both have the 'Select mock location app' feature. See below screen shot taken off my HW Mate 20X phone running Android 10

I'm using Android 10 for my Huawei which explains its incompatibility or could it be due to its EMUI like Xiaomi's MIUI which both the developers claimed no compatibility with the latter. My Samsung Fold is still at Android 9.

You still can use VMOS but many apps using VPN look like not compatible and some non-VPN apps as well. Other than that it offers a layer of protection just like a VM on your PC/Laptop. It prevents your device from being fingerprinted since it's running on Linux. Alternatively, if you want something better than Island/Shelter is to use Secure Folder by Samsung or Private Space by Huawei. They are sandboxes just like Island/Shelter with its ability to store documents, photos, videos etc with access protection

Device ID can be changed using app like Device ID Changer. As for MAC Address Android 10 supports MAC Address randomization but not all devices upgraded to Android 10 supports it like my Huawei Mate 20X. There's no MAC Address randomization feature in it after I upgraded to Android 10. I saw it in Huawei newer devices with built-in Android 10 though. And I think Terminal app can change the MAC address although I'm not sure whether it works in Android 10.

See attached screenshot of Device ID Changer taken off my Huawei Mate 20X running Android 10
 

Attachments

  • Screenshot_20200210_081231_com.android.settings.jpg
    Screenshot_20200210_081231_com.android.settings.jpg
    329.1 KB · Views: 364
  • Screenshot_20200210_070704_com.VTechno.androididchanger.jpg
    Screenshot_20200210_070704_com.VTechno.androididchanger.jpg
    290 KB · Views: 430
Last edited:
  • Like
Reactions: harlan4096
F

ForgottenSeer 85179

Well a VM on Android isn't needed at all.
All apps are isolated.

Stuff like Shelter or Island only use the Android internal work profile to isolate apps from main profile so contacts, mails, files are not visible for apps in that profile.

Also the most important think on Android is to restrict permissions for apps. Less are more and also apps without internet access are best.
 
  • Like
Reactions: SunMan09

Newbie

New Member
Mar 8, 2020
1
I have been using Island for a few years now, but there is one thing I have never been able to figure out and was wondering wether you guys knew how.
When plugging my s7 to my PC it shows all my files like usual but whatever I do I can not acces the Island files. Is there a way to do it?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top