Concerning privacy, it's the opposite. Android sells all your data, so there is just no privacy there at all. iOS sends at least some data to Apple, so it's better but far from perfect. GNU/Linux collects no data, so it's as good privacy as you can get.
It's different in terms of security, but for most people security of GNU/Linux is sufficient given it's all FLOSS.
By far the biggest exposure you have is NOT from your OS, it is from third-party apps running on it. That is the real risk, and that is the gigantic blind spot open source projects like this have.
They are just not addressing the real problem at all, and they are doing nothing whatsoever to protect you from the real risk.
What you say is true, but in PureOS you only have FLOSS apps in the app store, which hardly will spy on you. If you install spying apps, this is a different problem, not yet solved apart from virtualization.
Also, when the OS spies on you, it's definitely a problem.
Putting aside the fact that simply being open source does not ensure anyone actually audits the source (in fact, most open source is largely unaudited by anyone but the developers themselves), of course limiting yourself to using only a tiny amount of software can make you more safe. But that is not really a reasonable solution to anything. Going down that route, you might as well not use a phone or a computer at all, and be perfectly protected.
People WANT to use software, and the software they want to use will never be available as pure, audited FLOSS. Instead, we need to have ways to let user use software from less trusted sources while still working hard to protect them from it.
Apple does this. They put in tons of effort to give you a way to run untrusted software while retaining some amount of trust that it can't go too far in endangering you.
I find it massively frustrating that these FLOSS projects will not do the same. They will just not even try to protect you.
> Putting aside the fact that simply being open source does not ensure anyone actually audits the source
There is no guarantee, but try to find Android-style malware in F-Droid or in GNU/Linux repositories.
> of course limiting yourself to using only a tiny amount of software can make you more safe. But that is not really a reasonable solution to anything.
This is not the goal here. The goal is switch to FLOSS wherever possible and expand FLOSS alternatives. It starts from a small number of apps, but currently F-Droid has most of what you need already. So I don't see this a a problem, except for very specific needs (or if you are into Facebook and co).
> I find it massively frustrating that these FLOSS projects will not do the same. They will just not even try to protect you.
First of all, anbox is already a thing, and it can definitely sandbox your apps. Second, GNU/Linux phones are just at the beginning and they are already far ahead of the first Apple or Android phones. Expect a revolution there...
> There is no guarantee, but try to find Android-style malware in F-Droid or in GNU/Linux repositories.
The by far biggest reason you won't find it is nobody uses it, so there is no incentive to try. These operations require large audiences to be worth trying.
> Expect a revolution there...
I don't. Because, once again, nobody is even acknowledging what the real problem is. People are patting themselves on the back for doing things that do not really matter, while leaving the barn door wide open for attacks that only do not happen because they are not worth it. I'm not seeing any sign of this changing.
So if one follows your advice to use this instead of iOS, you give up a LOT of privacy protection.
That does not seem like good advice to me.