
There are zero operating systems you can install on modern smartphone hardware that give you full control of your phone.

Even the most open of Android ROMs still require giving a bunch of proprietary drivers, firmware, and applications root access for the most basic of hardware functionality.

A major reason I gave up on phones and got a tiny laptop to run Qubes on.




There's a difference between avoiding the very-real tracking for targeted advertising that companies like Google do, and the paranoia that your camera blobs are tracking you just because they're proprietary.

> proprietary [...] firmware

Your tiny laptop has this too.

> proprietary [...] applications

There are plenty of AOSP-derived ROMs without this.


Show me even one AOSP based ROM that does not ship with proprietary software that runs on modern hardware.

The vendor partition is a black hole of poorly understood and mostly proprietary garbage that can do whatever it wants.

Also if you do not ship your ROMs without OMA-DM and similar malware, you are not even permitted to connect to some cell networks.

There are a comical number of apps and blobs copied from the vendor partition of stock ROMs to make most of those "open source" ROMs function on recent devices.

https://raw.githubusercontent.com/GrapheneOS/vendor_state/14...

At least on a laptop I can run QubesOS to hypervisor isolate the rare hardware that requires blobs, like wifi.


Not Android but I think PinePhone and Librem 5 meet your standards. AFAIK they have proprietary WiFi/BT firmware, but they use virtualization (IOMMU) to protect themselves from it. I don't see how that's fundamentally different to your Qubes laptop.

Also I think you're ignoring my first point. I don't think any of this paranoia is reasonable. Unless you're being targeted by state actors, none of it is necessary to fill a reasonable definition of "controlling your device." This is all in response to an article about a child who doesn't like phones because he doesn't like social media. The adtech machine that powers social media is pervasive and it has its fingers in proprietary smartphone OSes, but it doesn't have its fingers in AOSP ROMs like GrapheneOS, so installing one of those is an easy and achievable way of avoiding it. Whether it's possible to remove every last drop of proprietary software is a side-issue here.


For context, I run a security consulting firm focusing on high risk clients like fintech firms and my job is quite literally defending my clients from sophisticated adversaries which includes state actors. Your threat model is not my threat model.

Degoogling and solving for privacy from corporations makes CalyxOS a great option for many, but privacy and security against actors willing to more blatantly violate laws is not as easily an attainable goal on Android sadly. I spent months building the aosp-build project and compiling and signing my own AOSP ROMs from scratch but even then there are just an insane number of blobs with way too much power to ever be able to trust.

Binary blobs with root access to my devices is a non-starter for my privacy goals, free software preference, and threat model. QubesOS is about the only OS that suits my requirements, and even then it only runs on hardware that is hard to trust. Ideally it can be ported to my ppc64le Talos workstation soon.

All of that is only half the reason though. I was addicted to connectivity and over-reliant on tech to live my life. Giving up my phone means not having constant bombardments of information and notifications and distraction making it difficult to be present in and enjoy the real world. When I walk away from my desktop computers, or leave my home, I am offline.

The ability to confidently navigate the real world and be comfortable in my own head with minimal tech took a while to build, but it feels like a superpower now. I have no interest in going back. Giving a phone to a kid feels like child abuse to me now given how much control I feel I have over my own brain again. I want that for others, especially kids.

I would maybe carry a Precursor when it gets a Matrix messenger as a single purpose wifi only device I use to coordinate with people at events, but in no rush.


> I was addicted to connectivity and over reliant on tech to live my life. Giving up my phone means not having constant bombardments of information and notifications and distraction making it difficult to be present in and enjoy the real world. When I walk away from my desktop computers, or leave my home, I am offline.

Why didn't you (want to) do this with your phone? Couldn't you turn off notifications, leave it on your desk, maybe leave it at home? Was it too much of a temptation at all?


If I am only using my phone at my desk, I might as well use my actual desktop on the same desk that has a proper screen and keyboard.


"If you have nothing to hide, you have nothing to fear"


That's... not really it. Do you really think there are backdoors hiding in firmware blobs from reputable vendors?


100%. I have plenty of insider knowledge here I sadly cannot share, but search for supply chain attacks and the sheer number of public headlines of known attacks can keep you busy for days. State actors are constantly trying to get footholds in software supply chains, and often succeed.

Consider Intel ME firmware is a literal well documented backdoor we do not allow on US government systems... only civilians.

Most of the time our adversaries do not need to be covert enough to mess with firmware. Consider OMA-DM apps that run on most phones with insane permissions taking orders from cell towers.

https://gist.github.com/thestinger/171b5ffdc54a50ee44497028a...

We cannot even keep public open source repos like NPM free of supply chain attacks. Proprietary blobs make it that much easier to hide things.

Also all you need to backdoor every encrypted messenger is a kernel module that ensures /dev/urandom is a bit less random on the devices of targeted dissidents and journalists. Now look at how many proprietary blobs from piles of random vendors we load into modern phone operating systems, even "open" Android ROMs, and think about SolarWinds for a second.
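The /dev/urandom point in the comment above, as an added example that is not part of the original thread: a stream whose only secret is a 16-bit seed passes the same black-box statistical checks as `os.urandom`, yet can only ever produce 65,536 distinct keys, so testing a blob's output cannot show that it is sound. `weak_stream`, `SEED_BITS` and the thresholds are assumptions constructed for illustration.

```python
import hashlib
import os
from collections import Counter

SEED_BITS = 16  # constructed: entropy left in the hypothetical weakened source


def weak_stream(seed: int, n: int) -> bytes:
    """SHA-256 in counter mode over a small seed; stands in for a weakened RNG."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        block = seed.to_bytes(4, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:n])


def monobit_bias(data: bytes) -> float:
    """Distance of the fraction of 1-bits from the ideal 0.5."""
    ones = sum(bin(b).count("1") for b in data)
    return abs(ones / (8 * len(data)) - 0.5)


def chi_square(data: bytes) -> float:
    """Chi-square statistic of byte frequencies against a uniform distribution."""
    counts = Counter(data)
    expected = len(data) / 256
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def looks_random(data: bytes) -> bool:
    # 255 degrees of freedom: mean 255, standard deviation about 22.6.
    return monobit_bias(data) < 0.01 and chi_square(data) < 400


def distinct_keys(key_len: int = 32) -> int:
    """Number of different keys the weakened source can ever hand out."""
    return len({weak_stream(s, key_len) for s in range(2 ** SEED_BITS)})


if __name__ == "__main__":
    sample = 1 << 16
    print("os.urandom passes:", looks_random(os.urandom(sample)))
    print("weak stream passes:", looks_random(weak_stream(12345, sample)))
    print("distinct 256-bit keys available:", distinct_keys(), "of 2**256")
```

Assurance for a random source therefore has to come from reviewing how it is seeded and built, not from sampling what it emits.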



