How Android apps will run on your Chromebook is just as important as the fact it's happening in the first place.

For many, the announcement of Android apps running on Chromebooks — and other Chrome OS powered devices like Chromebases and Chromeboxes — was a highlight from Google I/O 2016. All of us here agree, and we're ready for the first developer builds so we can give it a spin.

But there was another message delivered along with the big news, and it's equally as important to the future of devices like the Chromebook.

The Sandbox

Chrome Google I/O session

A quick refresher on how this whole Android thing on Chromebooks is going to work is in order. Android is going to run as a separate container on Chrome. Now this doesn't mean a full build of Android like you would see on something like the Pixel C, but it will be complete enough to run Android applications, support Google Play Services and tap into the standard Android features like intents (sharing) or your Google address book. Some apps — launchers, for instance — aren't supported, but most every app you use now on your Android phone or tablet will run as intended on a supported Chromebook. In theory, anyway — nobody will be surprised at any growing pains.

On a side note — this had a great effect on Android as well and some great features from Chrome like the A/B seamless update procedure. I think the meeting of the minds by the Chrome and Android team will be proven to have made both operating systems better.

Android apps and any associated services or support files are sandboxed and isolated from Chrome OS. Not the same way Chrome sandboxes its own native processes, but running in a completely separate container with no directly shared system files. (User-decrypted files will be available though.) The Chrome and Android teams worked together and built an Android HAL (Hardware Abstraction Layer) to run Android atop of, and this provides services like input-output (the keyboard, mouse and touch screen) or WiFi. And all of this runs on the same secure foundation — including secure boot and user data encryption — that we expect from Chrome.

Chrome and Android getting together should prove to be good for both

This is a big deal. Not because Android is insecure (until we change settings and make it insecure), but because Chrome is very secure and nobody wants this to change. Adding another software stack with direct access to the hardware, no matter how well-coded and secure that software stack may be, is a risky move. You potentially double your chances for unintended bugs, and there are a lot more avenues of attack for malware or unauthorized access. During the Q&A after the I/O session (catch the replay here), we heard how important security was to the Chrome team while this was in development. That makes sense — why spoil a good thing, right?

For education, enterprise and other managed use-cases (where Chromebooks are selling the highest) administrators will be able to block the installation of Android apps completely for even tighter control of both the security and how the device is used.

I think we all can agree that Chrome is important to Google. I hold the unpopular opinion that Chrome is Google's most important product and the one with the most promise, but nobody can deny that Google cares about Chrome and is willing to invest money and time into the platform. Knowing that going forward your Chromebook will stay the easiest and most secure way to compute, and you'll have all the great apps you already use on your phone at your disposal.