Exactly. The whole baseband in your phone is considered "trusted" by the network because you can't easily control it. Don't give the carriers ideas - if they thought they could move to a "ma Bell" style of you leasing the phone from them without ever gaining ownership rights of it, someone would try to! Look at carrier locking, and the world of CDMA, where your phone has to have its ESN (serial number) manually whitelisted to join the network... It's a whole different world from general purpose computing!
The mobile standards are built around the assumption that the baseband does as it's told by the network - your phone's transmit slots get scheduled by the base station, and your phone sits quietly until those slots to speak. This extends to the wider architecture and design of the ecosystem - the user is not "meant" to be in charge of their device in the mobile ecosystem. With the split between AP and CP (application processor and cellular processor), if you put the CP on a suitable bus like USB which doesn't give DMA access, you can build a phone you have sufficient control of (see Pinephone etc).
In the world of SIM, this is back to carrier thinking - they control the SIM as it's "theirs". The keys on the SIM are known only to them, not even to you. You're not trusted to know your own SIM authentication parameters. This can be helpful in some ways, as it makes the threat model different to other systems and you can't unwittingly disclose your keys to someone through social engineering... But it's less helpful as customers generally don't think like security architects who designed this, and end up just having their physical SIM stolen, or their carrier ports their number after social engineering...
Where I'm from, phones were always decoupled from carriers. The carrier sells you a SIM card, that's it. It's on you to buy or already have a compatible phone to stick it into. I don't think any of the big carriers ever offered financing as part of the contract the way US ones do. Also we only have prepaid plans.
It's a shame still that you can't have a 100% open-source phone. I'm the kind of person who believes that all of the humanity's knowledge must be freely accessible to everyone. Including schematics and documentation for every device ever made, including ICs. It's counterproductive when multiple companies have to reinvent the same thing... and then keep it secret like the others.
The mobile standards are built around the assumption that the baseband does as it's told by the network - your phone's transmit slots get scheduled by the base station, and your phone sits quietly until those slots to speak. This extends to the wider architecture and design of the ecosystem - the user is not "meant" to be in charge of their device in the mobile ecosystem. With the split between AP and CP (application processor and cellular processor), if you put the CP on a suitable bus like USB which doesn't give DMA access, you can build a phone you have sufficient control of (see Pinephone etc).
In the world of SIM, this is back to carrier thinking - they control the SIM as it's "theirs". The keys on the SIM are known only to them, not even to you. You're not trusted to know your own SIM authentication parameters. This can be helpful in some ways, as it makes the threat model different to other systems and you can't unwittingly disclose your keys to someone through social engineering... But it's less helpful as customers generally don't think like security architects who designed this, and end up just having their physical SIM stolen, or their carrier ports their number after social engineering...