Sshfs into Whonix-Workstation Advanced Documentation GNUnet Previous page: Sshfs into Whonix-Workstation Index page: Advanced Documentation Next page: GNUnet Anbox - Run Android Applications and Games

This page is archived.

https://anbox.io/ redirects to https://github.com/anbox which says it is deprecated.

Anbox allows Android applications and mobile games to run inside Whonix.

Introduction[edit]

COMMUNITY SUPPORT ONLY : THIS WHOLE WIKI PAGE is only supported by the community. Whonix developers are very unlikely to provide free support for this content. See Community Support for further information, including implications and possible alternatives.

Installation[edit]

To use Anbox with Whonix, apply the following steps.

1. Follow the general Kicksecure^™ specific instructions.

Redirection to Kicksecure Documentation

Incomplete: This wiki page is incomplete by design. It only includes details specific to Whonix. For full understanding, please follow the link below to the Kicksecure wiki, which provides more complete background and instructions.

Introduction: Whonix Documentation Introduction, User Expectations, Footnotes and References, User Expectations - What Documentation Is and What It Is Not
Whonix is based on Kicksecure^™: Whonix is built on top of Kicksecure. This means it uses many of the same security tools, design concepts, and configurations.
Kicksecure is based on Debian: Kicksecure is developed using Debian as its base. Debian is a widely used, stable, and free Linux operating system.
Inheritance: As a result, Whonix is also based on Debian.
Debian is GNU/Linux-based: Debian is built using the GNU/Linux operating system. GNU provides essential tools and Linux is the system’s kernel (core).
Shared documentation benefits: Since each system is based on the one below it, a lot of documentation and guides are shared. This reduces the need to duplicate information.
Inherited documentation: Most instructions and explanations are inherited from Kicksecure or Debian, unless otherwise specified.
Shared principles: The systems share similar security goals and setup instructions. In most cases, users can follow Kicksecure documentation when using Whonix.
Keep using Whonix: This does not mean users should switch to Kicksecure. This page only points to related, helpful information.
Where to apply the instructions: Follow the instructions inside Whonix unless specifically stated otherwise.
Wiki editors notice: This information is pulled from a reusable wiki template: upstream_wiki. (See which pages use this.)
Comparison: Whonix versus Kicksecure
Documentation compatibility: Because Whonix is based on Kicksecure, you can often follow Kicksecure’s instructions as long as you apply them in the right place.
Summary: Whonix is built on top of Kicksecure, which itself is based on Debian. Debian is a GNU/Linux operating system. This layered design means Whonix inherits many features, tools, and documentation from both Kicksecure and Debian.
Click here: Visit the related page in the Kicksecure wiki for full documentation and background:

Anbox

Note: Re-interpretation...

Apply the instructions inside Whonix, not inside Kicksecure.

Kicksecure: Perform these steps inside Kicksecure.

Instead, apply the steps inside Whonix-Workstation.

Kicksecure for Qubes: Perform these steps inside Qubes kicksecure-17 Template.

Instead, use the whonix-workstation-17 Template for these steps.

2. Follow Whonix specific instructions.

3. Done.

Other Whonix specific notices can be found below.

Anbox Configuration[edit]

Derivative Specific[edit]

Disabling Whonix-Workstation^™ Firewall is unfortunately required. Otherwise there would be no network access. ^[1]

Warning:

This reduces security! Especially when using multiple Whonix-Workstation behind the same Whonix-Gateway^™.
- Still no risk of clearnet IP leaks. ^[2]

1. Inside Whonix-Workstation.

(Qubes-Whonix^™: inside StandaloneVM (better!) or Template).

sudo systemctl mask whonix-firewall

2. Disable systemcheck in Whonix-Workstation Firewall.

Open file /etc/systemcheck.d/50_user.conf in an editor with root rights.

Select your platform.

See Open File with Root Rights for detailed instructions on why to use sudoedit for better security and how to use it.

Note: Mousepad (or the chosen text editor) must be closed before running the sudoedit command.

sudoedit /etc/systemcheck.d/50_user.conf

NOTES:

When using Qubes-Whonix, this needs to be done inside the Template.

sudoedit /etc/systemcheck.d/50_user.conf

After applying this change, shutdown the Template.
All App Qubes based on the Template need to be restarted if they were already running.
This is a general procedure required for Qubes and unspecific to Qubes-Whonix^™.

This is just an example. Other tools could achieve the same goal.
If this example does not work for you or if you are not using Whonix, please refer to this link.

sudoedit /etc/systemcheck.d/50_user.conf

Paste.

systemcheck_skip_functions+=" check_whonix_firewall_systemd_status "

Save.

3. Reboot.

This is required to unload Whonix-Workstation firewall rules and to have Anbox load its firewall rules.

sudo reboot

Android x86 as a Workstation[edit]

There are both distinct advantages and disadvantages of running Android applications in Android x86 Workstation. ^[3]

Table: Android x86 Workstation Advantages and Disadvantages

Category	Notes
Bootloader / Ramdisk	It is possible to use Magisk to achieve root permissions and hide root from applications on Android x86. ^[4]
Flexibility	It is possible to use `adb` if Android x86 uses the same internal network as the Gateway and Workstation. ^[5] Root access - Android x86 has a pre-installed superuser binary and manager so root access works out of the box. Applications with root access will work without any additional setup.
Networking	Android x86 provides a virtual Wi-Fi interface (`wlan0`) so applications think that a real Wi-Fi connection is established (Anbox uses a bridge network interface).
Operating System	The full Android stack implemented as Android x86 is a full operating system which requires hardware virtualization.
Security	This configuration is less secure than utilizing a Whonix-Workstation. ^[6]
Software	Any version of Android from 4.x to 9.x can be installed.
Speed	This configuration is slower than anbox installation as Android x86 VM does not provide any type of Guest Additions meaning no graphic card drivers are supported.

To check running anbox within kicksecure (same applied for Whonix-Workstation) check Anbox inside Kicksecure ™ Advantages and Disadvantages

Forum Discussion[edit]

Footnotes[edit]

↑ This is because Anbox comes with its own bridged network. Whitelisting that interface in Whonix-Workstation firewall is undocumented and might require source code modifications. Patches are Welcome.
↑
↑ https://forums.whonix.org/t/integrate-anbox-into-whonix-workstation/9642
↑ Some individuals have already achieved this.
↑ Also, it may be possible to run ssh-server on Whonix-Workstation and connect the Android x86 through Termux or similar.
↑ Although it may have more flexibility, as static IP connections on the Android x86 Workstation have been accomplished.

Whonix

The most watertight privacy operating system in the world.

Dark mode

Supported by Power Up Privacy

Whonix is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!

[1] This is because Anbox comes with its own bridged network. Whitelisting that interface in Whonix-Workstation firewall is undocumented and might require source code modifications. Patches are Welcome.

[2] 
Whonix Security Overview

purpose of Whonix-Workstation firewall

technical details why firewall even without firewall Whonix is still leak-proof

Forum discussion: When I turn off the Whonix-Workstation™ Firewall, am I still safe?

[3] Whonix Security Overview

[4] urpose of Whonix-Workstation firewall

[5] technical details why firewall even without firewall Whonix is still leak-proof

[6] Forum discussion: When I turn off the Whonix-Workstation™ Firewall, am I still safe?

[3] ttps://forums.whonix.org/t/integrate-anbox-into-whonix-workstation/9642

[4] Some individuals have already achieved this.

[5] Also, it may be possible to run ssh-server on Whonix-Workstation and connect the Android x86 through Termux or similar.

[6] Although it may have more flexibility, as static IP connections on the Android x86 Workstation have been accomplished.

[1]

[2]

[3]

[4]

[5]

[6]

Anbox - Run Android Applications and Games

Contents

Introduction[edit]

Installation[edit]

Anbox Configuration[edit]

Derivative Specific[edit]

Non-Qubes-Whonix^™

Qubes-Whonix^™

Others and Alternatives

Android x86 as a Workstation[edit]

Forum Discussion[edit]

Footnotes[edit]

Navigation menu

Anbox - Run Android Applications and Games

Introduction[edit]

Installation[edit]

Anbox Configuration[edit]

Derivative Specific[edit]

Non-Qubes-Whonix™

Qubes-Whonix™

Others and Alternatives

Android x86 as a Workstation[edit]

Forum Discussion[edit]

Footnotes[edit]

Navigation menu

Search

Non-Qubes-Whonix^™

Qubes-Whonix^™