I skimmed the "TAILS Mobile via USB or dual-boot" thread:
https://mailman.boum.org/pipermail/tails-dev/2014-January/004632.html
Ignoring momentarily questions about USB boot:
Can we even secure a mobile device at the application, OS, and network level?
Afaik, there are four candidate mobile Linux distributions: Ubuntu Touch, Sailfish OS, Android/Replicant, and maybe Firefox OS. I suppose iptables could be used to restrict internet access to specific users on any of them, but that’s only the beginning.
Android/Replicant would presumably be a huge task, mostly due to the ecosystem, but even Android’s usage of SELinux rather than AppArmor might complicate matters. An advantage might be if Orweb is already more comparable to TBB than mobile browsers on other systems.
I know zero about Firefox OS but perhaps it depends too heavily on internet connectivity, making any effort pointless. At first blush, Sailfish OS appears to not use tools like SELinux or AppArmor, possibly making that platform messy.
Nathan, et al. were mostly talking about Ubuntu Touch, which apparently uses AppArmor already. Ubuntu Touch’s web browser is based on Google’s Chromium (WebKit), not sure if that’s an issue. Orbot is also based on WebKit, but not afaik Chromium. And Chromium is famously problematic on the desktop.
Anyways, one approach might be: Get a basic "pre-Tails" system running with AppArmor, tor, chroot, and iptables, on both Ubuntu Touch, possibly with separate Torified and unsafe browsers, but leave aside the critical tasks of actually securing applications, including the Torified browser. And ask Canonical if they want to pay for making their Chromium port, Email client, etc. secure? Of course, the same approach could be tried with Sailfish OS, perhaps in tandem.
There are some political questions like whether Canonical or Jolla is more interested in their operating system running on third party hardware, sees Chinese carriers as a market, etc. Maybe someone who knows that scene more can say? Nathan?
Best,
Jeff