Run Anbox inside Whonix-Workstation ™
All installation steps inside Whonix-Workstation ™. No modifications of Whonix-Gateway ™ required.
Inside Whonix-Workstation ™.
(Qubes-Whonix ™: inside StandaloneVM (better!) or TemplateVM.
sudo systemctl mask whonix-firewall
Disable whonixcheck of Whonix-Workstation ™ Firewall.
Reboot required. 
Qubes users only.
You probably want to use a StandaloneVM. Otherwise changes would be non-persistent, i.e. lost after VM restart. Instructions on how to make Anbox persistent using a TemplateBased AppVM are not existing yet. (See footnote for experimental instructions. )
Qubes-Whonix ™ requires using Qubes VM kernel [archive].  Users can follow the instructions from the Qubes website Installing kernel in Debian VM [archive] which are equally functional in Qubes-Whonix ™.
It has been reported [archive] that it is required to enable Anbox software rendering [archive] but how to do this in this guide is unknown at this point. The command from previous link probably won't work as this guide does not use snap and it shouldn't use snap either because that would break recommendation Always Verify Signatures since snap does not verify software signatures. 
From Start Menu
Start menu →
From Command Line
anbox launch --package=org.anbox.appmgr --component=org.anbox.appmgr.AppViewActivity
Might want to install F-Droid.
Here are instructions document how to download and verify F-Droid inside Whonix-Workstation ™.
Download F-Droid signature.
gpg --verify FDroid.apk.asc
gpg: assuming signed data in 'FDroid.apk' gpg: Signature made Thu 11 Apr 2019 12:41:19 PM UTC gpg: using RSA key 0x7A029E54DD5DCE7A gpg: Good signature from "F-Droid <email@example.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 37D2 C987 89D8 3119 4839 4E3E 41E7 044E 1DBA 2E89 Subkey fingerprint: 802A 9799 0161 1234 6E1F EFF4 7A02 9E54 DD5D CE7A
Install F-Droid inside Anbox using
adb install FDroid.apk
Files dropped to this download directory are readily visible to apps within Anbox.
- For example, it disables SELinux, a core part of the security model. https://github.com/anbox/platform_system_core/commit/71907fc5e7833866be6ae3c120c602974edf8322 [archive]
- See the dates on the Github repositories. https://github.com/anbox [archive]
anbox-container-manager.serviceexpects this file name.
- These steps are probably not required. Should work out of the box after reboot.
- This is because Anbox comes with its own bridged network. Whitelisted that interface in Whonix-Workstation ™ firewall is undocumented and might require source code modifications. Patches are Welcome.
- To unload Whonix-Workstation ™ firewall rules and to make anbox load its firewall rules.
Does not work yet.
[ 2019-10-14 11:00:41] [launch.cpp:214@operator()] Session manager failed to become ready
1) Increase VM private storage.
Power off the VM.
Add at least 2 GB more private storage to VM. This can be done using Qubes VM Manager (QVMM).
Reboot the VM.
sudo mkdir -p /rw/config/qubes-bind-dirs.d
Create a new configuration file
binds+=( '/var/lib/anbox' )
Reboot the VM.
This results in storing
/var/lib/anboxin the private rather than root image. Thereby changes would persist rather than be lost after VM restart.
Fix file permissions.
Warning: might have security issues
sudo systemctl stop anbox-container-manager.service
sudo chown --recursive user:user /var/lib/anbox
sudo systemctl start anbox-container-manager.service
- Using VM kernel may come with its own challenges currently. https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012 [archive] Since Anbox is implemented using kernel modules.
- https://forums.whonix.org/t/snap-store-snaps-snapcraft-io-a-new-software-source/7631 [archive]
- https://f-droid.org/docs/Release_Channels_and_Signing_Keys/ [archive]
- https://forums.whonix.org/t/running-android-apps-inside-whonix-workstation-anbox-proof-of-concept/7441/13 [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)