> Even if the hardware design is better and the baseband is behind some form of MMU it is still capable of sending your location and all your traffic to an attacker.
We could just consider the baseband to be on the untrusted side of the network. Without access to anything but the restricted communication channels, the worst thing it could do is perform some calculations to eat your battery.
The network operator already knows (or may discover) your rough location and has access to your traffic anyway. So, just make sure private traffic's well encrypted and authenticated, and develop the hardware to be capable of provably powering down the whole baseband module when you want it to be off (location privacy). Problem solved.