Oddbean new post about | logout
 VM Burner Phones: Complete Guide

Did you know that you can create a virtual machine of a degoogled android on your desktop Linux PC, to create infinite fast burner phones to isolate spyware apps?

WhatsApp, Telegram, CashApp, Hushed Bitcoin SMS, Facebook,
These apps all worked for me on a VM of LineageOS.

Research by Amnesty International and the Intercept have presented significant evidence that apps such as “WhatsApp” by Meta are vulnerable to “0-click” Pegasus malware that can completely take control and do surveillance your phone without you ever even clicking a link.  This presents the dangers of trusting many apps that do not take the same security precautions as privacy-focused apps from F-Droid.  

However, telling readers of our website to “never install WhatsApp because of corrupt government malware” is usually a non-starter.  So instead, we suggest putting known vulnerable spyware in a virtual machine.

Any Linux distro will do.
You have 2 main choices for virtual machine, Oracle Virtbox and QEMU KVM.
And for the phone OS, you want to do LineageOS.

For VMs, we recommend Lineage, and NOT Graphene and NOT Calyx.
Lineage is better suited for VMs because it’s got an x86 build, while as GrapheneOS has ARM builds that won’t work in a VM without a rebuild from source.  CalyxOS won’t work in a traditional VM, but you could potentially use an Android Studio Developer Kit to recreate it in a test environment.  We do NOT recommend doing this with Calyx as you likely will face technical hurdles with the Android Dev Studio configuration settings, while not getting any clear benefit over just using Lineage.  Remember, the reason people want Calyx over Lineage for physical phones is to lock the bootloader.  This isn’t relevant for a VM.

Virtual Machines

Let’s compare and contrast the 2 VM choices:

Choice 1) Oracle Virtbox
Pro: Oracle is more convenient and easy to setup.   Also it’s easier to have a VPN outside the VM, to prevent IP leaks and manipulate your identity.  While as VirtManager QEMU is forcing you to put it on the router, which is not convenient for the average user.
/
Con: Oracle’s Virtbox is open source for the VM itself, but the copy-paste functionality in the extension pack is not open source.  Even with that “FOSS sacrifice”, I personally had copy-paste issues setting it up.  Also Oracle is a shady company.  They got their company’s name from selling database services to the CIA, and they are heavily involved with the US government’s mass surveillance program.  Previous CEO and current chairman Larry Ellison criticized Edward Snowden saying essentially “nobody was being wrongfully hurt by the surveillance”.

Choice 2) VirtManager QEMU KVM
Pro: KVM is more private being more fully free and open source.  Also this option is more secure.  Technically malware will have a harder time escaping KVM (a level 1 hypervisor), but you’re very unlikely to face VM breakout with malware originally designed for phone baseband modems.
/
Con: Harder to setup.  Even harder to get copy-paste functionality.  And you won’t be able to put a VPN on your desktop, you’ll need an open source router to manage your identity.

Managing Identities

In my personal opinion, VPNs INSIDE the VM phone itself are bullshit and too high risk because these apps all jockey for higher level privileges.  I want the VPN OUTSIDE the VM.  But I’m sure that the internet has enough people who will disagree to curse me out.

Let’s talk about snapshots real quickly.  So while snapshots are convenient, they are NOT good for getting a new identity.  If you don’t believe me, try taking a snapshot, installing Hushed and registering an account, and then rewind the clock by restoring from the snapshot.  When you reinstall Hushed, you’ll find that it recognizes and remembers you.

Instead, the best way to get a new identity, is through the VM’s storage file.  When you first setup Lineage, then save a copy of the file itself (with the same name or it messes up setup) and put it in a different folder.  Then when you want a new identity, delete the original file and setup the VM to point to the new location.  If you want both identities at the same time, for Oracle you need to modify where the entry your VM manager points to.  For KVM, I found it more intuitive to spin up new VMs with different datasets without snapshots.

In summary, if you use Oracle without copy-paste extension pack, you can probably get this up and running in a single day.
Linux → VPN → Oracle Virtbox → Lineage

Or if you hate Oracle, then:
VPN Router → Linux → QEMU VirtManager KVM → Lineage

Reach out to us for help. 
 Thanks for the explanation. Very interesting. 
 Curious how you'd compare to Waydroid? https://waydro.id/ 
 Great post, thanks!