The thing is, this whole debate is happening above the baseband. Linux phones (Librem 5, PinePhone) tried to solve this and went nowhere, you can open-source everything above the modem, but the GSM/LTE protocol stack is still a proprietary blob with DMA access to your main memory. It's basically a second computer in your phone that's directly addressable by carrier infrastructure, and nobody gets to audit it. Doesn't matter if you're running iOS, Android, or postmarketOS. Qualcomm/MediaTek own that layer and it's not changing anytime soon.

Agree. Peoples are trusting App with unknown source code & delivery path, infrastructure controlled by 3rd party. Application cannot protect against OS and OS cannot protect against HW. Too many known unknowns. Seek the arguments how and why OTF got re-funded last time.

And yet iOS is probably the most secure mobile platform for secure messaging. Especially in lock down mode.