Mobile App Development in PicoLisp - I: Android Basics

Mobile App Development in PicoLisp - I: Android Basics


6 min read

Welcome to a new series, "Mobile App Development in PicoLisp". As the title already tells, this series will explain how to write mobile apps in PicoLisp.

This series builds up on the Web App Programming and Databases series, so it might be helpful to check out those posts - or the PicoLisp documentation - first.

Note that this works for Android only, and you will need a smartphone - or emulator - with Android >= 5.0 and a Arm64 CPU (in case you're unsure: if you have a smartphone built after 2020, it is very likely that your phone fulfills the conditions). Rooting is not necessary.

This post will cover the basics of Android smartphone architecture, because I think it is helpful to understand the concept.

The Android Platform Architecture

Android is an operation system as well as a software platform for mobile devices such as smartphones, tablets and other devices. Android is free software, published by the Android Open Source Project under the Apache License. The company Google is behind Android, which is the reason why most smartphones have the Google Play Store pre-installed and require a Google account. However, depending on your needs, this it is not a must - there are alternative repositories for Android, such as F-Droid that are completely independent from Google.

The Android software stack consists of six main components: The Linux Kernel, the Hardware Abstraction Layer, Native C/C++ Libraries, the Android Runtime Environment, the Java API Framework and the System Apps, organized in five layers.


  1. At its core Android has a Linux kernel and uses the key security features of Unix systems, such as a user-based permission model and process isolation.

  2. On the next-higher level, we have the hardware abstraction layer (HAL) with multiple library modules. Each of the modules interface to a specific hardware component (such as camera or bluetooth). When a framework API makes a call to access device hardware, the Android system loads these modules from the library.

  3. Then we find the Android Runtime (ART), which is the application runtime environment. It translates the bytecode of an application into native instructions for the processor.

  4. On the same level, we have the native Android C/C++ libraries which can be directly accessed to interact with physical device input (Native Development Kit (NDK)) instead of via the Java framework APIs.

  5. The "standard" access to system functions is via the Java API Framework which provides all features to build native apps, for example the view system to build the app's user interface, a resource manager, notifications- and activity managers, and content providers to access data from other apps.

  6. On the top layer, we can find the Android core system apps for email, SMS, calendar, browsing, contacts and so on. The capabilities of these apps can be re-used by developers, and they can also be replaced by external applications.

The Sandbox Principle

One of the key factors for the success of smartphones was to open the devices for apps from independent developers. In other words, anyone can write and publish a smartphone app. At the same time, smartphones collect very sensitive, personal user information, such as contacts, position, microphone and camera access and so on, which makes it very attractive for hackers. One important safety feature to prevent malicious apps from gaining access to all data on the phone is the Android sandbox principle.

The Sandbox builds up on the Linux user-based protection to identify and isolate app resources. Each app is running in their own sandbox, has a unique user ID and runs its own process. By default, apps can't interact with each other and have only limited access to the OS.

Since the sandbox principle is implemented in the kernel, it is not easy to compromise it. However, it is not invulnerable. On the Android documentation page, you can see that the access control sandbox has been getting more and more restrictive which each Android version as reaction to known vulnerabilties:


Writing and Publishing Android Apps

The standard way to write Android apps is using the Android Studio and SDK, which is a rather heavy tool and includes a debugger, libraries, emulators and tutorials. The standard language to write Android Apps is in Java or Kotlin. Other languages, such as JavaScript, can be used most comfortably with the help of frameworks such as React Native or the Ionic Framework.

The finished app can then be published in repositories. The most important source for external apps is the Google Play Store. All apps hosted on the Play Store are checked for basic security features - although you can still find a lot of malware as well. Nevertheless, apps downloaded from a controlled repository such as the PlayStore guarantee a minimum safety that downloaded software has not been manipulated by malicious acters and has a minimum functionality.

The PicoLisp "PilBox"

Now finally, let's come to the point: How can we use PicoLisp to write our own apps? The principle is simple: What we need is a kind of "framework" that makes it possible to access the Java API via PicoLisp by mapping the code to Java.

For this purpose, we can use the PilBox App. It is available in the Google PlayStore and is written in Java. It displays a WebView GUI, and starts a PicoLisp binary compiled for Arm64 CPUs.

The PilBox kernel provides an interface to the Android Java runtime environment. To the PicoLisp code it looks like a remote database, where Java objects are mapped to PicoLisp DB objects, and Java functions and methods are executed via remote procedure calls.


In other words, the PilBox is just a container for our future apps. It comes with some built-in demo apps though, that we will check out in the next few posts.

One big advantage (besides that we can use PicoLisp) is that the heavy Android SDK environment can be avoided, and strictly speaking not even a laptop is required to develop the app (if you are comfortable typing on the phone).

I think this is a very interesting approach for small apps that are mainly written for your own needs. For example, one of the simple demo apps is a step counter that interfaces with the built-in step counter in the phone. Of course, you can use a pre-installed "Health"-App or download a new one, but if you don't want to share your activity with outside parties or have specific ideas how to monitor it, you could simply write your own app.

Next steps

In the next couple of weeks, I plan to cover the following topics:

  • How to install the PilBox,
  • How to connect from other devices (like your PC) to the PilBox for app development,
  • The main components to write your own PicoLisp app,
  • Modifying or expanding the existing demo apps,
  • Writing a new app.

I think it will be interesting, so stay tuned :-)