I have been wondering if this is possible at night in bed… how could mobile devices + Whonix be used in conjunction to make people’s lives more private?
Mobile devices are such a massive portion of the market. It isn’t realistic for regular people to be installing Graphene and buying the newest Pixel.
I think that Whonix on the host as the OS, and Whonix on the phone, are things that could really create some value for regular people.
Not everyone wants to install Qubes/KVM; Windows/Mac come with their privacy problems (backdoors, etc). But it’d be nice if there was a way people could boot Whonix on a phone without too much bullshit involved… a Flutter app or something perhaps.
But it looks awful. By far most mobile devices (phones and tablets) owned by most people are unfortunately locked-down appliances which don’t allow any virtualization to run and therefore, by extension, don’t allow Whonix to run.
No phone we know of in the current world supports virtualization/running a hypervisor (similar to PCs). Running Android/Linux or GNU/Linux on X hardware/device, etc. doesn’t mean/equal that the hardware supports all features available on a normal PC.
Kicksecure can be available for phones, not Whonix.
I would highly suggest you read their FAQ for a very detailed (and fair) explanation as to their selected supported devices.
It seems their choice of Pixel phones isn’t because of any reason other than pure merit, since they are currently the only phones on the market that meet an acceptable standard. Mind you, acceptable doesn’t mean rigorous, rather that they are simply the best currently available.
Regarding whether the phones are cost prohibitive, that may be the case for the latest versions, but buying them is not necessary. In their FAQ you can see their minimum support lengths, where a Pixel 6a, which is substantially cheaper than the Pixel 7s, will be supported by OEMs for pretty much the same time frame (Q3 2027). Even the Pixel 6s will be supported till Q3 2026.
Additionally, in terms of security implications, all the Pixel 6s and 7s appear to use the same Tensor SoC, and so there is little if any hardening compromise in buying older 6th generation devices.
Overall, I think if you can get a Pixel 6a or 6 at a reasonable price in your region, GrapheneOS would be an excellent option. Even buying a Pixel 5a would give you OEM support till Q3 2024.
Finally, GrapheneOS has also historically provided extended support releases for devices no longer receiving updates from OEMs, buying users some additional time to transition to newer devices.
In my opinion, currently Orbot is probably the best option until we can get phones with verified boot of the quality of GrapheneOS (see, for example, its pioneering use of fs-verity).
I hope that the success and open source nature of GrapheneOS will hopefully lead to other projects like PinePhone etc. to adopt some of their practices while allowing the user to relax some of the hardening if they so choose. I think only then would running KVM be considered sensible for serious use-cases (as opposed to fun experiments).