Genymotion in Whonix

Userresu2 · November 7, 2016, 10:43pm

Can i install Genymotion in whonix?

Ego · November 7, 2016, 10:58pm

Good day,

If they offer a version compatible with Debian, there shouldn’t be any issue with that.

Have a nice day,

Ego

Userresu2 · November 7, 2016, 11:19pm

Will it save anonymity from the whonix? Need I setting system for it?

entr0py · November 8, 2016, 12:41am

You can but you might not have network access. Many Android emulators do not support static IP addresses. If that’s the case for Genymotion, you have several options to work around that:

DHCP server in Whonix-Gateway
Set Genymotion’s VM network to NAT and connect machine to a Physical Whonix-Gateway
Use Genymotion with Qubes-Whonix (not sure about compatibility)

Whonix will route your traffic over Tor. It won’t protect you from tracking mechanisms within Android (example: Google Account / Play services).

Beyond this, you’re on your own since Whonix-Android is largely undocumented and unsupported.

If you are willing to try Qubes, I’m currently attempting to get an installation of Android-x86 into a usable state: Redirecting to Google Groups (but it’s not going well…)

HulaHoop · November 8, 2016, 12:33pm

Warning: this leads to a massive attack surface on the GW and the DHCP server may ask clearnet upstream servers for DNS queries which will deanonymize you.

Patrick · November 8, 2016, 2:43pm

Is that a possibility (as I guess) as per caution caused by https://phabricator.whonix.org/T239 since no one deeply understands DHCP or is this already an established fact?

HulaHoop · November 9, 2016, 1:35pm

Fact. AFL uncovered many serious 0days in the DHCP server reference implementation.

Userresu2 · November 11, 2016, 10:50pm

That Android emulators I could be use?

entr0py · November 12, 2016, 4:02am

I don’t recommend using Android for anything serious. Android and iOS are full of fingerprinting vectors and their push notification connections (especially Google Cloud Messaging) are really, really persistent. (Another thread coming about that.)

If anonymity is not important to you, Virtualbox seems to have the best compatibility with AOSP systems. You’ll also want to use a privacy filter like xprivacy and connect to Whonix using one of the methods I listed earlier.

Uh, what was your question?

Crap. I moved DHCP to a DHCP server VM between Gateway & test Android VM after I read this. But the better mitigation would be to use a Corridor VM upstream of Gateway I think.

Patrick · November 12, 2016, 3:46pm

Any reference?

0days perhaps… But the following is another league…

the DHCP server may ask clearnet upstream servers for DNS queries which will deanonymize you.

Is this a possibility or fact?

HulaHoop · November 12, 2016, 9:09pm

https://phabricator.whonix.org/T239#10802