Hi,
I am looking for a way to run Android apps in a secure, isolated, ideally even disposable way, i.e. not installing them on my phone (what my bank and others would love that I do).
I have seen some threads about Android (and Waydroid being insecure) but I am not sure where to start.
Can anyone experienced in this please point me to the right info?
I have done this 8 years ago with Android on PC (x86). You make an HVM template with your netwoking hardware and than you take the hardware away and use Qubes networking. The reason why I stopped is that Android disabled use of Ethernet and only some WiFi cards were supported. It was a mess at the time. You also need a Google account real or straw your choice. I can’t tell you more since I don’t remember.
Just to point to the relevant discussion:
So, am I looking for something currently impossible?
I think so, currently there is no way to do this securely.
With regards to banking apps I would assess modern Android devices to be “reasonably secure”. Security and isolation are provided by the app’s sandbox, which is arguably much stronger than Desktop systems (with Qubes OS as exception). Isolation can be enhanced by features like separate user or work profiles. Of course this all depends on your threat model, device and operating system used.
So why? Is it also about privacy, not just security?
So why? Is it also about privacy, not just security?
Well, privacy is impossible when proprietary hardware with many sensors is running proprietary software in a proprietary network. So, using a VM would at least allow better control for restricting the time and data access, AKA “the qubes way”.