I suspect that here the state of the OS/application loadout will be bad enough that worrying about sneaky BSP tricks will (while not wrong) be a serious failure of perspective; and the BSP will be bad enough that worrying about sneaky firmware tricks will (while not wrong) be a serious failure of perspective; and the firmware will be bad enough that worrying about sneaky hardware backdoors will (while not wrong) be a serious failure of perspective.
There are certainly all manner of more and less witchcraft ways to violate the security guarantees of everything further up the stack if you can slip in hardware that doesn’t always behave as specified; and it’s typically the case that the OS on the application processor(and sometimes sensitive information directly) has a lot of exposure to the black box firmware in the cell modem, DSPs, GPU, etc. that puts a great deal of power in the hands of whoever controls that; but all the cool elegant hacks really aren’t high up your list of practical concerns if ‘Freedom Phone’ is just pulling some variant of what the fine folks at ‘BLU’ did a little while back and farming out control of the OS and applications to Shanghai Adups Technology or an analogous competitor.
