With AVF virtual machines become a core construct of the Android operating system, similar to the way Android utilizes Linux processes. Developers have the flexibility to choose the level of isolation for a virtual machine:
One-way isolation: Android (the host) can control and inspect the contents of the VM. These are most commonly used for sandboxing and separation..
Two-way isolation (Isolated VM): Android (the host) and the virtual machine (the guest) are completely isolated from each other.. This has 2 main properties:
1. The workload and data inside the VM is inaccessible (confidential) from the host (Android).
2. Even if Android is compromised all the way up to (and including) the host kernel, the isolated VM remains uncompromised.
