Even if you could setup a VM-like environment, you are
wasting your time. First, you can't hack the 2nd cpu in the phone,
which is the one that does the cell-tower comms, and how the
backdoors can be loaded into the phone, and secondly, they
don't really need to do the backdoor route because your data
traffic is what reveals most of the info they are looking for.
The only way to secure a cell phone is to place it in a faraday cage,
embedded in concrete, and deep-sixed in the ocean.