"Learn GPG" is neither a useful nor a correct recommendation for people concerned about security; if you believe the device is backdoored, GPG will not save you, nor will anything else.
I've read up on this in the context of potentially backdoored CPUs and there is fundamentally no way. You don't need to trust the router (as you say: a device that just relays data can have all the backdoors you want, thanks to asymmetric cryptography enabling E2EE), but the scenario is that your own device has software from law enforcement on it
In which case, the best you can do is use an obscure method that the attacker is unprepared for. If they've hijacked the AES CPU operation to store the key and include it in the output for a later syscall like when writing the output file, but you unexpectedly use some funky experimental cipher, you'd be lucky until they push an update. The device has a mandatory backdoor after all, so govt can also decide what new code it needs to run now, perhaps under the guise of detecting more situations of terroristic content or whatnot. There's no winning that game except through obscurity, and I presume everyone has heard about how reliable security through obscurity is
He's referring to doing something like using a compromised device to take a photograph of the ciphertext made on a different device or something like that.
You must assume it is backdoored. Cell [smart] phones are the greatest surveillance network the government has ever created.
But, you can use that against them. Your phone doesn't have to always be with you. You can be where you are, and you phone's location can be hundres of miles away.
Current smartphones are already more careful about cell modems than they used to be. And in an ideal world, cell modems would have even less information than they do, and could be (and should be) powered off by the phone until needed.
Imagine an architecture in which you had a pervasive cellular data connection that was intentionally uncorrelated with any identifying information, the way wifi is.
Right now, the only legitimate reason cell networks have to identify specific devices to users is for billing, and for PSTN. The latter could be made utterly irrelevant with VoIP. The former could be solved in various ways, either by making it a public good, or by integrating anonymous payment mechanisms for a "session". Then, we could just have pervasive data connections.
To some extent I agree, but if the modem is off how long latency is acceptable for inbound messages? I suppose a low bandwidth broadcast "user 0x76abc937* has a new message" could work. Devices would filter out broadcasts that don't concern them.
* Ideally the user id should be used only once and derived from some pre-shared secret.
First, in a case closer to the current world, I'm just suggesting that disabling the cell modem should power it off so it can't do any kind of location or tracking.
Second, in a more ideal world, the concept of "data connection" would be entirely separate from any identity attached to a phone or text message, and you could handle the latter via whatever connection you have, whether a cell data connection or wifi or something else.