Stskeeps
Posts: 1,671 | Thanked: 11,478 times | Joined on Jun 2008 @ Warsaw, Poland
#26
Originally Posted by Zeta
Interesting read.
However, "secure" is difficult to make bullet-proof. It can be very well designed (like it seems in that case), but there is still some non-controlled attack surface.

From what I understand from Image 2 (page 12 in https://zipperglobal.com/whitepaper.pdf), both are on top of the same Linux kernel (I don't see the use of the hypervisor, by the way, if that is not a mistake in the image).
From talks of Greg Kroah-Hartman himself, we can see how much of the code in Android's Linux kernel is out of tree (millions of lines), and never reviewed. Root exploits are well known.
On other platforms, there are said to be 2 and a half kernels below the hypervisor in recent talks (the famous Intel ME case), so the hypervisor may not be the lowest level depending on hardware, and a lot can go wrong below it.
A lot of modems integrated in mobile chips have direct RAM access (which gives Neo900/Purism solutions a selling point), and probably contain backdoors or at least vulnerabilities.

On another side, these container files are on the same disk as the Android/Sailfish system is, so there can also be exploits in filesystem drivers that can leak things there.


So, it is probably the best solution possible so far, and Stskeeps is someone I could trust on this, but I always take with a pinch of salt all things that are marketed as "secure" (macOS was probably presented with a "secure" login screen a few days ago).

Nice to see you back, Stskeeps. Good luck with this project!

It all comes down to the threat model and who your attacker is. You don't necessarily want to have Swiss-bank-like security for most operations. It's not necessarily devices for a cypherpunk. It's meant to be for everybody and to get people on a 'secure enough' setup. You want to make sure people don't needlessly lose money in scams, through stolen phones, or through bad actor apps.

As a comparison, contactless credit cards seem totally crazy security-wise. But, actually, when I do transactions below some amount, I don't get asked for a PIN. And it's very very convenient in shops. Despite the flaws.