What I need is some kind of restricted app sandbox in which to place untrustworthy apps, where they see a fake filesystem, fake system calls, etc.
GrapheneOS comes pretty close to that I think? You can put such apps in a separate profile and cut off a lot of permissions. You can also scope contacts, storage, etc.