Whonix Mobile Operating System

Old bump, random thoughts:

I have been wondering at night in bed if this is possible…how could mobile devices + Whonix be used in conjunction to make people's lives more private?

Mobile devices are such a massive portion of the market. It isn’t realistic for regular people to be installing graphene and buying the newest pixel.

I think that Whonix on the host as the OS, and Whonix on the phone, are things that could really create some value for regular people.

Not everyone wants to install Qubes/KVM, and Windows/Mac come with their privacy problems (backdoors, etc). But it'd be nice if there was a way people could boot Whonix on a phone without too much bullshit involved…a Flutter app or something perhaps.


Was also often wondering.

That is both for sure.

Keeping track here of options:

But it looks awful. By far most mobile devices (phones and tablets) owned by most people are unfortunately locked down appliances which don't allow any virtualization to run and therefore, by extension, don't allow running Whonix.

General Threats to User Freedom chapter War on General Purpose Computing in Kicksecure wiki

Tor Browser for Mobile already exists.

I don’t see how Whonix could provide any alternative or more value than that. It could in theory if something similar to Whonix could run on mobile devices but most are locked down so it’s impossible.

Also Whonix is a strong brand.

Quote Whonix homepage:

The Everything Tor OS. All internet traffic is routed through the Tor anonymity network. No exceptions. Whonix is the “All Tor Operating System”.

It seems to me that if Whonix Mobile wouldn't provide similar strength, that wouldn't really be Whonix. That would be an entirely different project.

Maybe virtualization one day will come to stock ROM Android with pKVM. Then there might be at least a theoretic way to implement Whonix Mobile.

Meanwhile, the only option I can see is a niche project: using hardware where user freedom to install is unrestricted. I.e. it won't run on most Android (let alone iPhone) devices.

So yeah, I don't have a solution and I don't foresee one either, since this has been on my mind for years.

Should there be any positive developments, these will certainly be posted here, and news would also be posted once there is something tangible. → Follow Whonix ™ Developments


Have you read about the PinePhone at all? Just a thought.

People have successfully run Linux on it. Also Purism has a Linux phone.

Probably difficult, but perhaps possible :slight_smile:

No phone we know of in the current world supports virtualization/running a hypervisor (similar to PCs). Running Android/Linux or GNU/Linux on X hardware/device…etc. doesn't mean/equal that the hardware supports all features available on a normal PC.

Kicksecure can be available for phones, not Whonix.

Mycobee via Whonix Forum:

Thank you for your input. I do not know about most of the stuff below the OS.

That said, I wonder if it is possible to strip Whonix down into a container then…if there is a kernel, perhaps the containers could share the kernel? LXC perhaps :thinking:

If you can run a host OS…then a headless container for the gateway, and a workstation container with GUI.

Are you sure about this?

To what extent is PinePhone hardware locked down or lacking hardware features?

A search for the term "pinephone kvm" comes up with a lot of search results.

Or Librem 5? I cannot easily find any reference stating that its processor lacks virtualization support.

I am not sure what hardware requirements containers have specifically on ARM.

But I'm not sure it's even an important point to research that? As per:

How about PinePhone or Librem? I guess the same applies to all alternative mobile phone hardware projects?

PinePhone is significantly cheaper as far as I know. GrapheneOS only supports newer Pixels, which can be $500+ USD.

Yes, none; just because a dev has done it doesn't mean it can be done at a productive level.

In the same Reddit post the dev said:

just a PoC that you can do native virtualization on A64 SoC.

Regarding performance, it's unusable, very slow, no networking, mouse/keyboard get borked most of the time and force you to reboot.

There is also frequent BSOD about watchdog timeout.

It looks exactly like this post:

just a PoC/fun, nothing official.

Same goes for Pixel:

Side Note: If by any chance this method can easily/normally be used on phones in the coming 5 - 10 years, this is going to work on KVM, not any other hypervisor.

Patrick via Whonix Forum:

I would highly suggest you read their FAQ for a very detailed (and fair) explanation of their selected supported devices.

It seems their choice of Pixel phones isn't because of any reason other than pure merit, since they are currently the only phones on the market that meet an acceptable standard. Mind you, acceptable doesn't mean rigorous, rather that they are simply the best currently available.

Regarding whether the phones are cost prohibitive, that may be the case for the latest versions, but buying them is not necessary. In their FAQ you can see their minimum support lengths, where a Pixel 6a, which is substantially cheaper than the Pixel 7s, will be supported by OEMs for pretty much the same time frame (Q3 2027). Even the Pixel 6s will be supported till Q3 2026.

Additionally, in terms of security implications, all the Pixel 6s and 7s appear to use the same Tensor SoC, and so there is little if any hardening compromise in buying older 6th generation devices.

Overall, I think if you can get a Pixel 6a or 6 at a reasonable price in your region, GrapheneOS would be an excellent option. Even buying a Pixel 5a would give you OEM support till Q3 2024.

Finally, GrapheneOS has also historically provided extended support releases for devices no longer receiving updates from OEMs, buying users some additional time to transition to newer devices.

I use GrapheneOS already and have a Pixel. I think GrapheneOS is a great project. I understand why they use Pixels and understand how long they are supported.

I don't need any convincing.

But as far as virtualizing a Whonix gateway, I think PinePhone would be an easier path. Running KVM on a Pixel seems like it'd be very difficult.

Apologies, my above post was in reply to you (on a GrapheneOS mobile device no less lol).

Another thing to note is that Whonix is designed with privacy by default. To do that on a GrapheneOS phone requires Orbot, and it is easy to slip up.

Again, to reiterate, I think GrapheneOS is a great project, but whether or not it is a great project is irrelevant to the question of whether Whonix virtualization is possible on any mobile device.

Fair enough, that makes sense.

In my opinion, currently Orbot is probably the best option until we can get phones with verified boot of the quality of GrapheneOS (see for example its pioneering use of fs-verity).

I hope that the success and open source nature of GrapheneOS will lead other projects like PinePhone etc. to adopt some of their practices while allowing the user to relax some of the hardening if they so choose. I think only then would running KVM be considered sensible for serious use-cases (as opposed to fun experiments).

Not so long ago I had such a thought also. I am sure this could be a vital option, especially for those with a slim budget. Great point you make here.

I am not a technical person, but I thought Whonix could cooperate with a custom ROM developer whose OS can reach a broad user base of various HW. Of course iOS will always be lagging behind. If Whonix could be implemented directly into a custom ROM, I think this could be very interesting.
Regarding HW, not many users have sufficient funds to purchase a Pixel or PinePhone.
Just my 2c.


I have an idea @Patrick…and there could be a million reasons why this wouldn't work that I am eager to hear.

What if Whonix Gateways were hosted by volunteers like Tor nodes, and a hardened mobile OS (workstation) could connect to them in some sort of way?

Perhaps verifiable builds could help with this too in some sort of way…where the mobile device knows it is fully connected to a verified gateway. Or this might simply happen with some sort of cryptographic handshake even without verified builds.

But imagine if a person could buy any Android phone and put a custom hardened and degoogled ROM on it that was only allowed to connect to the outside world through a remote Whonix gateway somewhere.

I guess the more I think about this, the less it makes sense…why not just go directly to Tor? The connection to the Whonix box just adds an extra IP hop…

Whonix, gateway, networking, reproducible builds aren't the issue at all at this point. Even Debian or Kicksecure based is a huge stretch.

The issue is that "99%" of phone hardware isn't general-purpose computing hardware the way computers and notebooks are. These phones are locked down appliances without a proper boot menu and without permission to install any operating system of your choice.

As long as there aren't even Linux or Debian phones, Kicksecure, let alone Whonix, phones are far off.


What about virtual machines on iOS? As far as I know you can already run any Linux distro including Debian (and by extension Kicksecure) using the open source app UTM; according to their site it "is a full featured system emulator and virtual machine host for iOS and macOS. It is based off of QEMU."

Couldn't this work in theory? Of course this isn't an easy solution because sideloading on iOS is really annoying, but now there are many videos of iPads running Windows 11, Linux and games, so the software itself seems ready to use; the only problem is Apple and sideloading.

Yeah, forget about Apple; their products were never meant to give freedom outside of what they see fit (which comes with tons of restrictions), let alone running outside OSs on their iOS.

Side note: QEMU support was dropped by Whonix.

In theory almost everything is possible, in practice not really.
