[throwaway290]

> I'm not even aware of such an attack existing publicly, please link relevant media articles of past attempts, including on Android. Targeted attacks go for the software because it's easier and doesn't leave a trace.

Absence of evidence != evidence of absence. It is technically doable and not that difficult, give a minute or two in private with someone's phone.

> Publicly you have GrapheneOS, privately you have security firms providing secure systems for high profiles which are targets.

Does GrapheneOS protect from part replacement?

Also I mean entire populations, such as prosecuted ethnic minorities or people with political views (cf Uighurs or HK freedom supporters). They also need to live a normal life by the way, where they can use the normal apps and not conspicuously juggle two phones all the time.