I have over the past years begun migrating everything I use into VMs in order to have: hardware portability; easily cloned or backed up with zero drama; security isolation (banking and work stuff); and other operational compartmentalization (I have some very heavy lifting data processing projects which have their own libs and daemons, unwelcome in my desktop environments), and this is exquisitely nice. Moving a webserver becomes simply a matter of which box to put it in, zero reconfiguration involved. [I dreaded rebuilding an old Drupal install knowing it would take weeks to get that and all the associated multiple databases hanging on yet another cluster of packages rebuilt. I simply imaged the machine for KVM and copied it onto a KVM host. Open a port and it was a done deal with zero sweat.] Same for my processing work images. We had been using VirtualBox for several years, but this year we have abandoned all that and gone to KVM and it is sweet.
Turn it right-side up: running Android apps on top of a Linux OS might be an answer, but some uncomfortable thoughts linger. The problem with Halium is that vulnerabilities are cooked into the kernel and services before we even get to the part about running Linux software. The flipped side of running Android applications on top of a Linux modded to translate Android services sounds okay, but what about those services? What might be a "Docker" type of implementation sounds like a solution - the Ubuntu Touch used AppArmor but the way it was implemented was to firewall everything. And it fails in certain ways.
Are you sure? I thought the alternative WL1251 Driver was completely open. See: https://david.gnedt.at/blog/wl1251/ Or am I missing something?