This is the first hands-on Cellrox review in existence.

Recently I spent a few weeks using an Android phone that featured dual persona enterprise mobility management technology from Cellrox. Cellrox uses virtualization to provide separate environments for work and personal usage.

Recently I spent a few weeks using an Android phone that featured dual persona enterprise mobility management technology from Cellrox. Cellrox uses virtualization to provide separate environments for work and personal usage. Overall I enjoyed it was a good experience, but I want to set the proper context for the review before I dig into the details, since virtualized dual persona devices are bound to bring up some strong opinions.

The role of specialty dual persona Android devices

One of the goals of enterprise mobility management technology is to keep corporate apps and data separate from personal apps and data, so the corporate things can stay secure and the personal things private. Since the Android operating system is open source and can be freely modified, there are several companies that are working on versions that have work/personal separation built in—a.k.a. dual persona devices. Cellrox is one of these companies, and they do this by providing multiple virtualized user environments. The thing to remember about all of these solutions, though, is that they’re limited to specific specialized Android devices.

If you’re an IT admin that’s tasked with supporting BYOD or all sorts of different devices that show up in your environment, you might not think these dual persona Android devices are a big deal. Accommodating all these specialized features can be a lot of extra work, and you might just choose to take a more app-centric approach so you don’t have to worry about Android fragmentation. (To read up on Android management fragmentation, look here, here, and here.)

However, there are still plenty of places where security requirements or other factors mean that IT is managing a homogenous environment of corporate-issued devices. For these use cases, a specialized dual persona Android device has a lot to offer all parties involved. For IT, such a device could offer advanced security and management features that aren’t on typical smartphones. For end users, a dual persona device could mean that it’s no longer necessary to carry two phones, and that they’re free to install personal apps on work phones. Plus, since we’re talking about Android devices, users get to access a full range of apps.

I think these specialized Android solutions are a place where we’ll see some interesting competition develop. Samsung Knox and VMware Horizon Mobile are out already, and besides Cellrox, other solutions in development include Red Bend, OKLabs, and LG Gate.


The one caveat for this review is that the Cellrox device was the very first dual persona Android device that I’ve used for more than 30 seconds, but you have to start somewhere.

Cellrox provides multiple personas using a form of virtualization that’s somewhere between a type-1 and type-2 hypervisor. The hypervisor-like layer (which Cellrox calls a ThinVisor) runs on top of a single shared kernel, and can host multiple virtualized user environments. If you want to read more about the technology, Cellrox has a white paper, or you can also check out the original Columbia University research project upon which it’s based.

The phone that I used for my review was a Google Nexus 4. (Since Cellrox involves a specialized Android image, for now it has to be used on a developer device with an unlocked bootloader.) Aside from the fact that there were actually two environments on the phone, everything about the experience felt like plain, unmodified Android. 

The phone was activated, but since it was a GSM phone I couldn’t use it with my primary Verizon line, so I directed my Google voice number to it instead. In the personal environment I synced my Gmail, Google Calendar, and contacts; I installed a handful of personal apps; and I changed the wallpaper and a few other settings. I had my TechTarget Exchange account synced to the work persona, but otherwise didn’t make too many changes there.

There were several ways to get back and forth between personas: you could double tap the home button, tap the corner of the notification bar, install a switching widget, or swipe to either one from the lock screen. Cellrox also lets you install shortcut icons that open directly into apps in the other persona—for example, I could access my work email directly from my personal home screen, with just a single tap.

Switching back and forth is where a dual persona experience could get messed up, but the shortcuts and variety of switching mechanisms kept things pretty straightforward. I made enough shortcuts so that I could do what I needed to do without any trouble or second thoughts. I’m used to keeping my work and personal email accounts in separate apps, so switching back and forth was no problem there, either.

When I was within either persona, it felt just like any other Android experience, and there was nothing non-native to get in the way. Aside from whatever shortcuts you make, there’s nothing that indicates the device is special, except for a small portion of the notification bar that shows the status of the other persona. I never noticed any lag or anything like that, and in the two weeks I had it, the device only froze once, which I feel like is an acceptable range for a smartphone these days.

Here’s a screenshot of the two environments. The icons with blue or orange bars underneath are shortcuts.

The phone came out of the box with a PIN code set on the work side, but since I like to keep people from snooping around my stuff, I set a PIN on the personal side, too. This was a little annoying, because if unlocked the phone in the personal side to check my email, then wanted to check my work email, I’d have to enter that PIN too when I made the switch over. I’d rather have one PIN for the whole thing.

However, Cellrox is quick to point out that just about all of these management features and the behavior of any cross-persona sharing and security features (as well as how the device handles incoming phone calls) can be controlled by the administrator. Depending on how it’s managed, this device can be anything you want it to be. Want a blended, concurrent experience? Make lots of shortcuts and open up sharing between personas. (Actually, now that I think about it, it would be cool if you could set it up so that the home button always returned the user to the personal persona, so that you could get a something like a seamless windows experience.) Or on the other hand, you could disable shortcuts and sharing, and get something that’s more like two phones that happen to be in one piece of hardware.

Unfortunately Cellrox isn’t publishing the full list of cross-persona management options at this time, so if you want to exact details, you’ll have to talk to them. Within the work persona, though, they did show off some management features that rival other manufacturers’ custom Android MDM features, like silently pushing and removing apps and disabling Google play, so you certainly get a lot more manageability than with an average Android device.

One thing that would’ve help my experience would have been an information screen that could list all the policies that were in effect. Sometimes I had to poke around a bit, wondering whether I was doing something wrong or if there was just a policy in place. The only other significant complaint I had was that the process of creating shortcuts was clunky, but Cellrox assured me they’re smoothing this out. Beyond that, everything else about the experience was pure Android, and so there’s not much to say about that—and that’s great for Cellrox, because it means it stayed out of the way.

Cellrox’ place in the the specialty Android market

Since Cellrox is based on a specialized version of Android, it requires cooperation with carriers and manufacturers to actually get it on devices. And like most other specialized versions of Android, Cellrox is planning on opening up the management APIs third-party EMM vendors.

All this means that there are a lot of parties that need to work together—Cellrox, manufacturers, carriers, EMM vendors, IT admins, and end users—and any one of these could potentially get in the way of the highly-adaptable and flexible experience that I think is Cellrox’ strong suit. Just getting the carriers and manufacturers on board is a big task in its own right, too.

One of the things that sets Cellrox apart is that the partnership model is, at this point, more open than other specialized dual persona Android offerings. Samsung Knox is limited to just Samsung devices, obviously, and VMware Horizon Mobile-enabled devices can only be managed with VMware, not other EMM products—both of these are limitations that Cellrox doesn’t have right now.

The final word

As the idea of specialty dual persona Android spreads, we’ll see the marketplace get sorted out—some technologies will float to the top, and others will fade. Again with the caveat that this is the first one that I’ve tried, what I like about Cellrox is that it’s flexible and everything feels native. Let’s hope that once this filters through carriers, manufacturers, and EMM vendors, there’s still just as much flexibility available to IT and end users.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Virtualization that uses a "single, shared kernel" isn't a hypervisor... it is OS Virtualization aka containers.  The Linux kernel has a few flavors of containers... with LXC being native... and a few third-party implimentations by OpenVZ, Google, and Linux-VServer.  Even with LXC there are a few management frameworks that do things differently (LXC, libvirt-LXC, systemd-nspawn, etc).  So I wonder what Cellrox uses.  I would guess LXC with their own framework to manage it.  Maybe I should check out the whitepaper you linked to, eh?


For anyone interested in the history of containers and the various implimentations of them, I recently ran into this video presentation from James Bottomley who is a long-time Linux kernel developer as well as the CTO of Server Virtualization for Parallels.  He makes the case that containers are better than hypervisors for many cloud computing use cases... and along the way he talks about the history of containers for Linux, the various implimentations and some of the userspace management frameworks.  I've been a long-time OpenVZ fan and quite a bit of the info was new to me.  He also briefly mentions Cellrox as an example of containers being appropriate for mobile devices.

Here's the video: