Run Debian apps natively on Android 15 without PRoot

Android 15’s latest security update tightened seccomp restrictions, blocking the system calls PRoot relies on to emulate a Linux environment. Developers attempting to run native Debian or glibc binaries on Android suddenly faced errors like Bad system call (SIGSYS) and set_robust_list: Function not implemented. After spending nearly a full workday debugging, one engineer discovered a working workaround that bypasses PRoot entirely. Instead of relying on emulation, this method patches ELF binaries to load glibc directly, enabling true native execution on Termux.

Why Android 15 broke traditional Linux on Android

Android’s seccomp security model acts like a firewall for system calls, restricting what programs can do at the kernel level. With Android 15, this filter tightened further, blocking critical glibc syscalls such as set_robust_list—a function used during initialization to manage thread synchronization. When PRoot tried to emulate these calls, the kernel rejected them outright, causing processes to crash.

Another hidden conflict stems from Termux’s own environment. Every process in Termux loads the libtermux-exec-ld-preload.so library by default. This library expects to find Android’s Bionic libc, not glibc. When a Debian binary attempts to load glibc, the mismatch triggers a crash before execution even begins. Root-based workarounds once resolved this, but Android 15’s seccomp layer now blocks even those paths.

A three-tier solution for running Debian apps

Rather than forcing users into a single workaround, this approach offers three tiers based on device capabilities and needs. Each tier increases compatibility at the cost of added complexity or root access.

Tier 1: Pure native execution (no root required)

This is the simplest and most direct method, ideal for running standalone binaries like Python scripts or compiled binaries that don’t rely on complex dependencies.

1. Patch the ELF binary to point to glibc instead of the system libc.
2. Use LD_PRELOAD= to override Termux’s library injection.

patchelf --set-interpreter /system/bin/echo ./binary
LD_PRELOAD= ./binary

This approach preserves full native performance and avoids any chroot or emulation layer. It works best for tools like Git, curl, or lightweight compilers.

Tier 2: Root-assisted execution (requires root)

For complex binaries with deep dependency chains—think full development stacks like GCC or Bun—root access provides more leeway. A wrapper script runs the binary under root privileges, explicitly setting paths to glibc’s libraries.

su -c "LD_PRELOAD= LD_LIBRARY_PATH=$GLIBC/lib/aarch64-linux-gnu:$GLIBC/usr/lib/aarch64-linux-gnu $GLIBC/usr/bin/binary $@"

The wrapper keeps Termux’s user identity intact while granting access to glibc’s full environment. This tier is ideal for developers who need to compile large projects directly on their device.

Tier 3: Automated package management (smart APT)

For users who want a seamless experience, a custom APT wrapper handles package installation transparently. It prioritizes Termux’s native repositories but falls back to Debian’s packages when needed. Newly installed binaries are automatically patched to ensure compatibility.

apt-get install gcc
# Automatically patches /usr/bin/gcc to load glibc

This tier is best for power users who frequently switch between Android and Linux tooling without wanting to manage patches manually.

Step-by-step setup for Tier 1 users

Before you begin, ensure your device meets the prerequisites: a rooted Android 15 device, Termux from F-Droid, and the patchelf package installed. F-Droid’s builds are preferred because they avoid Google Play Store restrictions that can interfere with root or custom ROM compatibility.

Install Debian rootfs

Start by setting up a minimal Debian environment using PRoot-Distro, a Termux tool that manages chroot environments. This acts as a clean source for glibc libraries and binaries.

pkg install proot-distro rsync
proot-distro install debian

After installation, log into the Debian environment to install essential development tools.

proot-distro login debian -- bash -c "apt-get update && apt-get install -y gcc g++ python3 bun curl make"

Extract and prepare glibc libraries

Copy the entire Debian root filesystem to a native directory accessible to Termux. This avoids chroot limitations and ensures full file permission compatibility.

GLIBC="$HOME/glibc-root"
mkdir -p "$GLIBC"
rsync -a "$PREFIX/var/lib/proot-distro/installed-rootfs/debian/" "$GLIBC/"

Fix symlink permissions automatically

Root-created symlinks can inherit security contexts that block Termux’s user ID from accessing them. A simple Python script rewrites these symlinks to ensure compatibility.

#!/usr/bin/env python3
import os
rootfs = os.path.expanduser("~/glibc-root")
for dirpath, _, files in os.walk(rootfs):
    for name in files:
        path = os.path.join(dirpath, name)
        if os.path.islink(path):
            target = os.readlink(path)
            os.remove(path)
            os.symlink(os.path.join("..", target), path)

Run this script once after extraction to prevent permission issues during execution.

Patch and run your first binary

Choose a binary from the Debian environment, such as /usr/bin/python3, and patch it to use glibc directly.

patchelf --set-interpreter $(which echo) "$GLIBC/usr/bin/python3"
LD_PRELOAD= "$GLIBC/usr/bin/python3" --version

If successful, the Python interpreter should run natively, displaying its version without errors. You now have a working foundation for running Debian binaries on Android 15.

The road ahead: stable native Linux on mobile

While Android 15’s security updates closed many traditional loopholes, they also pushed developers toward more robust solutions. By combining ELF patching, careful library management, and smart dependency resolution, it’s now possible to run full Linux development stacks directly on Android—without cloud servers or fragile emulation layers. As seccomp filters evolve, expect further refinements to these methods, potentially leading to official support for glibc binaries in future Android releases.