Running OpenClaw and Codex CLI Natively on Android via AnyClaw APK

AnyClaw is an APK that bundles OpenClaw and the Codex CLI inside an embedded Linux environment for Android. After installation and a one-time OpenAI OAuth authentication, the gateway and Control UI run locally on the device.

Technical Implementation Challenges

The setup involved significant challenges due to Android's environment:

• Native FFI: OpenClaw depends on koffi, which lacks prebuilt Android binaries. The solution required downloading approximately 20 Termux packages (clang, cmake, make, lld, NDK sysroot) and building koffi from source directly on the phone.
• Binary Patching: The make and cmake binaries had hardcoded Termux paths in their ELF headers, necessitating binary patching before execution.
• Gateway Crashes: On Xiaomi devices, the gateway crashed due to homebridge/ciao (the mDNS library) throwing an AssertionError for Android's ccmni cellular interfaces. OpenClaw's unhandledRejection handler calls process.exit(1) on unrecognized errors. The fix involved patching the minified runner-*.js to catch errors containing "interface" and log them as warnings instead of exiting.
• Device Identity: The Control UI generates tokens via subtle, which Chrome on Android only exposes in secure contexts (HTTPS or localhost). Using http://127.0.0.1 for the gateway URL silently broke functionality. Switching to http://localhost fixed the client side. Additionally, evaluateMissingDeviceIdentity() in gateway-cli-*.js was patched to allow bypass when dangerouslyDisableDeviceAuth is set, as token negotiation failed on fresh installs across different devices.
• DNS Resolution: The Codex native binary is statically linked with musl and cannot resolve hostnames on Android due to the absence of /etc/resolv.conf. A Node.js CONNECT proxy bridges this gap, leveraging Node.js's native use of Android's Bionic resolver.
• Bionic Compatibility Shim: A bionic-compat.js shim patches process.platform from 'android' to 'linux', fixes os.cpus() to handle Android's different /proc/cpuinfo format, and wraps os.networkInterfaces() to return a fake loopback when Android's interfaces throw errors.

Configuration and Usage

• The gateway runs on port 18789, the Control UI on 19001, and the codex-web-local frontend on 18923, all within the app's private storage.
• Authentication uses the existing Codex OAuth token; the access_token from ~/.codex/auth.json is written into auth-profiles.json as an openai-codex:codex-cli profile.
• The default model is openai-codex/gpt-5.3-codex.
• It works on any ARM64 Android 7.0+ device without requiring root access.

This project is useful for developers who want to run OpenClaw and Codex CLI directly on Android devices for local AI coding agent workflows.