docs/platforms/android.md
OpenClaw-Android.apk from a supported GitHub Release, Getting Started for the Gateway, then Pairing.System control (launchd/systemd) lives on the Gateway host — see Gateway.
Regular final and correction GitHub Releases include a universal OpenClaw-Android.apk and OpenClaw-Android-SHA256SUMS.txt. The APK is built from the release tag, signed with the OpenClaw Android release key, and carries GitHub Actions provenance.
Choose a release that lists both assets, then download and verify that exact tag before sideloading:
release_tag=vYYYY.M.PATCH
gh release download "$release_tag" \
--repo openclaw/openclaw \
--pattern OpenClaw-Android.apk \
--pattern OpenClaw-Android-SHA256SUMS.txt
sha256sum --check OpenClaw-Android-SHA256SUMS.txt
gh attestation verify OpenClaw-Android.apk \
--repo openclaw/openclaw \
--signer-workflow openclaw/openclaw/.github/workflows/android-release.yml \
--source-ref "refs/tags/${release_tag}" \
--deny-self-hosted-runners
scrcpy mirrors an Android screen in a macOS window and forwards keyboard and pointer input through Android Debug Bridge (ADB). This is an operator-side workflow, separate from the OpenClaw node connection. It is useful when the Android device and the Mac are in different locations but share a private Tailscale network.
Install Tailscale on the Android device and the Mac, and connect both to the same tailnet.
On Android, enable Developer options and USB debugging. Android 16 places Wireless debugging under Settings > System > Developer options. See Android developer options.
Install scrcpy and ADB on the Mac:
brew install scrcpy
brew install --cask android-platform-tools
Keep the Android device available for the first connection. Android must approve each Mac's ADB key before that Mac can control the device.
For the initial setup, connect the Android device by USB to a trusted computer and approve its debugging prompt. Then run:
adb devices
adb tcpip 5555
You can now disconnect USB. If port 5555 stops listening after a device reboot or debugging reset,
repeat this local setup step. Android 11 and later can also establish the initial trust with
Wireless debugging > Pair device with pairing code and adb pair.
Tailnets with restrictive grants must explicitly allow the controller Mac to reach TCP port 5555 on the Android device. Add a narrow rule to the tailnet policy, replacing the example addresses with the two devices' stable Tailscale IPs:
{
grants: [
{
src: ["<remote-mac-tailnet-ip>"],
dst: ["<android-tailnet-ip>"],
ip: ["tcp:5555"],
},
],
}
See Tailscale grants for host aliases and other selectors. Do not grant this port to the public internet or expose it with Funnel: an authorized ADB client has broad control of the device.
On the remote Mac:
adb connect <android-tailnet-ip>:5555
adb devices
scrcpy --serial <android-tailnet-ip>:5555
The first adb connect from this Mac shows an authorization dialog on Android. Unlock the device,
confirm the key fingerprint, and select Always allow from this computer only when the Mac is
trusted. A successful adb devices entry ends in device; unauthorized means the on-device prompt
has not been approved.
Once the scrcpy window opens, use it directly or target it with a macOS screen-automation tool such as Peekaboo. scrcpy carries the display and input; Tailscale provides only the private network path.
Connection timed out: verify the tailnet grant for TCP 5555. A successful tailscale ping proves
peer reachability, not that policy permits this TCP port. Test with
nc -vz <android-tailnet-ip> 5555 from the Mac.unauthorized: unlock Android and approve the remote Mac's ADB key, or remove the stale workstation
under Wireless debugging > Paired devices and pair it again.Connection refused: reconnect locally and run adb tcpip 5555 again.--serial <android-tailnet-ip>:5555 argument.When finished, close scrcpy and disconnect ADB:
adb disconnect <android-tailnet-ip>:5555
Android node app ⇄ (mDNS/NSD + WebSocket) ⇄ Gateway
Android connects directly to the Gateway WebSocket and uses device pairing (role: node).
For Tailscale or public hosts, Android requires a secure endpoint:
https://<magicdns> / wss://<magicdns>wss:// Gateway URL with a real TLS endpointws:// remains supported on private LAN addresses / .local hosts, plus localhost, 127.0.0.1, and the Android emulator bridge (10.0.2.2)ws:// endpoints. Use Tailscale Serve or another wss:// URL instead.openclaw CLI available on the gateway machine (or via SSH), to approve pairing requests.openclaw gateway --port 18789 --verbose
Confirm in logs you see something like:
listening on ws://0.0.0.0:18789For remote Android access over Tailscale, prefer Serve/Funnel instead of a raw tailnet bind:
openclaw gateway --tailscale serve
This gives Android a secure wss:// / https:// endpoint. A plain gateway.bind: "tailnet" setup is not enough for first-time remote Android pairing unless you also terminate TLS separately.
From the gateway machine:
dns-sd -B _openclaw-gw._tcp local.
More debugging notes: Bonjour.
If you also configured a wide-area discovery domain, compare against:
openclaw gateway discover --json
That shows local. plus the configured wide-area domain in one pass, using the resolved service endpoint instead of TXT-only hints.
Android NSD/mDNS discovery does not cross networks. If the Android node and the gateway are on different networks but connected via Tailscale, use Wide-Area Bonjour / unicast DNS-SD instead. Discovery alone is not sufficient for tailnet/public Android pairing — the discovered route still needs a secure endpoint (wss:// or Tailscale Serve):
openclaw.internal.) on the gateway host and publish _openclaw-gw._tcp records.Details and example CoreDNS config: Bonjour.
In the Android app:
ws:// still works. For Tailscale/public hosts, turn on TLS and use a wss:// / Tailscale Serve endpoint.After the first successful pairing, Android auto-reconnects on launch to the active paired gateway (best-effort for discovered gateways, which must be visible on the network).
The app keeps a registry of every gateway it has paired with, so you can switch between them without pairing again:
After the authenticated node session connects, and when the app moves to the background while the foreground service is still connected, Android calls node.event with event: "node.presence.alive". The gateway records this as lastSeenAtMs/lastSeenReason on the paired node/device metadata only after the authenticated node device identity is known.
The app counts the beacon as successfully recorded only when the gateway response includes handled: true. Older gateways may acknowledge node.event with { "ok": true }; that response is compatible but does not count as a durable last-seen update.
On the gateway machine:
openclaw devices list
openclaw devices approve <requestId>
openclaw devices reject <requestId>
Pairing details: Pairing.
Optional: if the Android node always connects from a tightly controlled subnet, you can opt in to first-time node auto-approval with explicit CIDRs or exact IPs:
{
gateway: {
nodes: {
pairing: {
autoApproveCidrs: ["192.168.1.0/24"],
},
},
},
}
This is disabled by default. It applies only to fresh role: node pairing with no requested scopes. Operator/browser pairing and any role, scope, metadata, or public-key change still require manual approval.
openclaw nodes status
openclaw gateway call node.list --params "{}"
The Android Chat tab supports session selection (default main, plus other existing sessions):
chat.history (display-normalized — inline directive tags, plain-text tool-call XML payloads (<tool_call>, <function_call>, <tool_calls>, <function_calls>, and truncated variants), and leaked ASCII/full-width model control tokens are stripped; silent-token assistant rows such as exact NO_REPLY / no_reply are omitted; oversized rows can be replaced with placeholders)chat.sendchat.subscribe -> event:"chat"tts.speak with the configured TTS provider chain, and on-device system TTS is used when the gateway cannot render audio. Playback stops on session switch, new chat, app backgrounding, or chat close.To have the node show real HTML/CSS/JS that the agent can edit on disk, point the node at the Gateway canvas host.
<Note> Nodes load canvas from the Gateway HTTP server (same port as `gateway.port`, default `18789`). </Note>~/.openclaw/workspace/canvas/index.html on the gateway host.openclaw nodes invoke --node "<Android Node>" --command canvas.navigate --params '{"url":"http://<gateway-hostname>.local:18789/__openclaw__/canvas/"}'
Tailnet (optional): if both devices are on Tailscale, use a MagicDNS name or tailnet IP instead of .local, e.g. http://<gateway-magicdns>:18789/__openclaw__/canvas/.
This server injects a live-reload client into HTML and reloads on file changes. The Gateway also serves /__openclaw__/a2ui/, but the Android app treats remote A2UI pages as render-only. Action-capable A2UI commands use the bundled app-owned A2UI page.
Canvas commands (foreground only):
canvas.eval, canvas.snapshot, canvas.navigate (use {"url":""} or {"url":"/"} to return to the default scaffold). canvas.snapshot returns { format, base64 } (default format="jpeg").canvas.a2ui.push, canvas.a2ui.reset (canvas.a2ui.pushJSONL legacy alias). These use the bundled app-owned A2UI page for action-capable rendering.Camera commands (foreground only; permission-gated): camera.snap (jpg), camera.clip (mp4). See Camera node for parameters and CLI helpers.
connectedDevice to connectedDevice|microphone before capture starts, then demotes it when Talk Mode stops. The node service declares FOREGROUND_SERVICE_CONNECTED_DEVICE with CHANGE_NETWORK_STATE; Android 14+ also requires the FOREGROUND_SERVICE_MICROPHONE declaration, the RECORD_AUDIO runtime grant, and the microphone service type at runtime.talk.speak through the configured gateway Talk provider. Local system TTS is used only when talk.speak is unavailable.talk.realtime.mode is realtime and talk.realtime.transport is gateway-relay.VoiceWakeMode) but the shipping app runtime always forces it to off on connect — there is no user-facing toggle today.device.status, device.info, device.permissions, device.healthdevice.apps only when Settings > Phone Capabilities > Installed Apps is enabled; it lists launcher-visible apps by default (pass includeNonLaunchable for the full list).notifications.list, notifications.actions (see Notification forwarding below)photos.latestcontacts.search, contacts.addcalendar.events, calendar.addcallLog.searchsms.searchmotion.activity, motion.pedometerThe Home overview includes a Files card that browses the active agent's workspace through the read-only agents.workspace.list / agents.workspace.get gateway RPCs: directory drill-down, text and image previews, and export through the Android share sheet. There are no write operations, and previews are size-capped by the gateway.
Android supports launching OpenClaw from the system assistant trigger (Google Assistant). Holding the home button (or another ACTION_ASSIST trigger) opens the app; saying "Hey Google, ask OpenClaw <prompt>" matches the app's declared App Actions query pattern and hands the prompt into the chat composer without auto-sending it.
This uses Android App Actions (shortcuts.xml capability) declared in the app manifest. No gateway-side configuration is needed — the assistant intent is handled entirely by the Android app.
Android can forward device notifications to the gateway as node.event items. This is configured on the device, in the app's Settings sheet — not in gateway/openclaw.json config.
| Setting | Description |
|---|---|
| Forward Notification Events | Master toggle. Off by default; requires Notification Listener Access to be granted first. |
| Package Filter | Allowlist (only listed package IDs forwarded) or Blocklist (default: all packages except listed IDs). OpenClaw's own package is always excluded in Blocklist mode to prevent forwarding loops. |
| Quiet Hours | Local HH:mm start/end window that suppresses forwarding. Disabled by default; defaults to 22:00-07:00 once enabled. |
| Max Events / Minute | Per-device rate limit on forwarded notifications. Default 20. |
| Route Session Key | Optional. Pins forwarded notification events into a specific session instead of the device's default notification route. |
WhatsApp, WhatsApp Business, Telegram, Telegram X, Discord, and Signal notifications are always excluded. Their messages are already owned by native OpenClaw channel sessions; forwarding the Android notification as a separate node event could route a reply through the wrong conversation.