Airgapped smartphone for paranoids

Motivation
The first version
Now It's You

I'm excited to announce the last updates in phoneSetup, a barebones package manager for airgapped Android devices!

Motivation

As said previously in this post Mobile Disappointment, I like the hardware and portability, but not its premise: A always-connected device, with more sensors than my smart band.

I was more than a year using a very outdated DivestOS in this vayu, I liked very much this custom ROM, but sadly it was abandoned by its unique maintainer, and I had to switch the OS.

I was willing to try a more experimental port of GNU/Linux to mobile, as Droidian or Ubuntu Touch, but neither of it supported my device, and I wasn't too interested in porting to it, so I sticked to LineageOS. And coming from Divest, I immediately felt in home.

But I was a long time without ever connecting the device to the internet, and I got used to this peace of mind that a airgapped phone brings, and under these conditions, I was preferring to let go of smartphones than from this shalom.

But as a any software enjoyer, I decided to set a challenge: Configure everything without ever connecting to any network, neither to any intranet.

And that's how this barebones project born.

The first version

This version is a prototype. It was almost fully implemented in its single Makefile, so it's not pretty.

But while building it, I raised some ideas, and my goal is increase its range of uses to let you fetch packages from many package managers, for both phones and computers.

I'm really excited with this because there is a lack of privacy/security solutions for mobiles that aren't another installable APK.

The next steps of this prototype will be scratch more the possibilities, and then bring it to a self-contained binary.

Play with adb.
Get root and tinker deeper.
Identify improvements on (offline) reproducibility.¹

You can see the repo here, thisago/phoneSetup: Airgapped Phone Setup - Codeberg.org
But I'd like to overview the current status of the project.

Features

This first release includes fetching for:

Git repos
Termux .deb packages
Npm packages
Pip packages
F-Droid apps, with lockfile
Regular file downloads (ie, fonts, bootstrap tarballs, etc)

This is pretty much everything I was needing at first setup.

Configuration

All the customization is made from a config.yaml file, which the properties are:

.download.fdroidApps
.download.data
.download.termuxPackages
.download.gitRepos
.download.npmPackages
.download.pipPackages

That's it. You can fetch specific packages, or everything with target all:

make all

Then you can edit the downloaded output, and when everything is alright, let tar handle the rest!

make output.tar.z

You can literally install everything with only a SD Card!

Peek into my Termux

And here's a example of my just setupped vayu. It's has few sharp edges but is already usable!

Everything was transferred only through a SD Card!

PS from the noscript tag: Hey, no worries if you can't enable JavaScript, this is just a embed asciicast (V3) player. Feel free to watch this in your terminal:asciinema play https://blog.thisago.com/static/asciicasts/20260104/phoneSetup-0.1.0.cast

Now It's You

All steps I took to setup was documented into repo's readme, so it's now easy to you!

I really would like to hear your feedback and experiences in isolating mobile devices, wanna you tell me? =)

Footnotes:

Because Nix-On-Droid has a good premise, but not fit for fully offline devices.

thisago's blog