[microtonal]

I would recommend everyone who wants a clean Android to look into Google Pixel phones. Aside from being mostly bloat-free (and most bloat can be uninstalled), it is one of the few phones that supports unlocking/relocking and a secure open source alternative (GrapheneOS).

[pkaeding]

Does grapheneos prevent this? In what way? I know apps like ShareViaHTTP [1] are able to open ports (listening not just on the loopback address). If I installed a meta app, could it still run its listener that scripts on webpages could talk to?

[1]: https://f-droid.org/packages/com.MarcosDiez.shareviahttp

[microtonal]

I didn't say that. Only that GrapheneOS does not come with any adware/malware preinstalled. That said, their default browser did block one of the attack vectors:

https://grapheneos.social/@GrapheneOS/114620254209885149