| > So your threat model is that you can't trust the device itself? Yes. I don't trust a phone OS where I lack root privileges. And I entirely don't trust the baseband. > If that's your threat model, you'd probably need a phone with hardware kill switches. Yes. Or with disabled GPS, baseband and WiFi. And with Internet connectivity via external WiFi router, or cellular modem/router. > Also, if you can't trust the device itself, why would you be carrying the device around? What would you use it for? I'd use it as a phone. Albeit just using VoIP. And if I had all the iffy stuff in a separate device, connected via USB, I could trust the phone as much as I trust the host machine I'm using now. I mean, I'm working in a Debian VM that hits the Internet through a nested VPN chain. And the Debian host has no access to GPS or WiFi. So I'd want to replicate that on a phone. |