> So your threat model is that you can't trust the device itself?
Yes. I don't trust a phone OS where I lack root privileges. And I entirely don't trust the baseband.
> If that's your threat model, you'd probably need a phone with hardware kill switches.
Yes. Or with disabled GPS, baseband and WiFi. And with Internet connectivity via external WiFi router, or cellular modem/router.
> Also, if you can't trust the device itself, why would you be carrying the device around? What would you use it for?
I'd use it as a phone. Albeit just using VoIP.
And if I had all the iffy stuff in a separate device, connected via USB, I could trust the phone as much as I trust the host machine I'm using now.
I mean, I'm working in a Debian VM that hits the Internet through a nested VPN chain. And the Debian host has no access to GPS or WiFi. So I'd want to replicate that on a phone.
Yes. I don't trust a phone OS where I lack root privileges. And I entirely don't trust the baseband.
> If that's your threat model, you'd probably need a phone with hardware kill switches.
Yes. Or with disabled GPS, baseband and WiFi. And with Internet connectivity via external WiFi router, or cellular modem/router.
> Also, if you can't trust the device itself, why would you be carrying the device around? What would you use it for?
I'd use it as a phone. Albeit just using VoIP.
And if I had all the iffy stuff in a separate device, connected via USB, I could trust the phone as much as I trust the host machine I'm using now.
I mean, I'm working in a Debian VM that hits the Internet through a nested VPN chain. And the Debian host has no access to GPS or WiFi. So I'd want to replicate that on a phone.