Meet the BlackBerry wizardry that created its 'better Android than Android'
The ingenious hack that throws the company a lifeline
Exclusive Some remarkable technical wizardry lies behind BlackBerry’s Android coup. When it was launched in January, BlackBerry’s new OS was brand new BlackBerry 10 and largely app-less. But today it can execute Android apps at impressive speed. How did they do it? Thanks to some helpful inside knowledge, The Register will reveal it all.
Android runs Java applications on a JVM called Dalvik, which runs on a Linux kernel. As it's open source, Dalvik was straightforward to port to QNX, the sophisticated embedded Unix that RIM acquired in 2010, and which powered its PlayBook tablet (released the same year).
RIM promised that this Android Player would also appear on its first QNX-based phones. But not all apps could run, and there was an insurmountable stumbling block in the way. Android apps may also call native extensions, which are ARM Linux binary libraries. And there was no way of running these on the phones - so the apps couldn’t run either.
At first, RIM’s engineers attempted to support native extensions by making BB10 another build target for extensions developers. They would choose BB10 as a target at compile time. But this required persuasion. And unless the developer bought into the idea, Android apps that called these Linux ARM extensions wouldn’t run. Even then, the BlackBerry system could not allow side-loading of native apps. It didn’t look like the Android Player would ever be truly worthwhile.
'Binary blobs'? No probs
But one or two RIM engineers were convinced they could bridge this gap between native QNX and Linux code. They would attempt to run the Linux extensions natively on QNX, without recompilation or pre-processing. Nobody was quite sure it would work - one source says he was “90 per cent sure” - but management supported the gamble, and the team set about their work in the summer of 2012.
While Linux and QNX are “Unix like”, that hardly helped. The Linux extensions looked like “binary blobs”, so the RIM engineers couldn’t be sure what was code and what was data. Which meant they couldn’t inspect and patch the Linux libraries on the fly, something called opcode substitution. It also ruled out pre-processing.
"We had to let the SWIs trigger live and discern whether it came from a Linux binary or a QNX binary at runtime, without sacrificing performance of QNX code," a source familiar with the work told us:
“Our work used a wide, labour-intensive component: dynamic cross linking, validating and shimming of the Linux APIs on QNX, and a really deep and tricky hack: catching syscalls in apps that bypassed libs, or had libs statically linked.”
"Linux and QNX used the same ARM SWI instruction, but passed the syscall number in different registers.”
Surprisingly, perhaps, gaming applications proved the easiest to get running smoothly. There were more hurdles, however.
"Skype and Instagram were much more insinuated into Android services and required a lot more work. I believe one of Skype or Instagram even had self-modifying code as part of its security obfuscation, which would have killed any strategy that involved translating the binaries,” our source told us.
Nevertheless the team could demonstrate unmodified Skype, Instagram and Angry Birds Android apps to management and got the green light to productise their work. In BB 10.2.1, which is currently in beta testing, we can start to see the benefits.
As I wrote here modern BlackBerry machines will be able run Android apps in place without side-loading. Users can download Instagram and it works. The miracle of compatibility is thanks to the extensions support.
It’s an ambitious “hack” - in the old-school sense of the word, an ingenious piece of wizardry - that has thrown BlackBerry a lifeline. And just when it needs it. Here’s hoping it’s a reminder to BlackBerry’s new management to appreciate the talent of its engineers. ®
Sponsored: Becoming a Pragmatic Security Leader