Hi Polonus, I understand where you are coming from but I have a question for you.
First, a short introduction:
1. We take a smartphone running Android.
2. We change the firmware
3. We remove all the binaries (including the baseband drivers that allow connectivity to the cellular networks)
4. We recompile Android and install it
Afterwards we pick a number of open-source community developed software and we install them:
5. We install an iptables firewall that allows only some static connections since boot time
6. We install a VPN client that starts at boot and connect to certain static IP. Authentication is made with pre-loaded certificates and pre-loaded credentials
7. We install some peer-to-peer software that allows voice, text and mail, toward other clients. Communication is end-to-end encrypted with symmetric keys, no servers whatsoever.
8. Finally the file system is locked down in read-only mode, without the possibility to change anything in it (including updates), with an air-gap protection approach.
After 12 months we replace the phone anyway.
Yes, the device is stripped off of plenty of its original features, but the goal is to deliver secure, untraceable, anonymous communications.
The approach is the same as the one used with Tails OS or other similar OS made for anonymity and security.
Now, of course I am not asking you to give an opinion and we know that nothing is 100% secure.
But the goal is not obtaining something that is 100% secure, rather than rising the cost of hacking the device to a point in which it becomes more convenient to pursue other forms of interceptions.
Do you think this is a reasonable goal?