I think that's possibly overkill. Provided the baseband processor is independent of the apps processor, communicates over a managed bus (usb, high speed serial, dedicated dual-port ram), instead of having direct access to main system memory, and the apps processor has the ability to power it up and down at will, you're in a pretty good state and you can still hop on a cellular voice or data network when you want to.
This scenario is true of plenty of smartphones shipping today, but of course it's not something that manufacturers advertise and it's potentially difficult to verify.
One should probably also be concerned about wifi firmware, though smartphone wifi is almost exclusively connected via sdio and not able to directly affect main memory.
The biggest concern in systems where baseband and wifi radios are not-too-deeply integrated is driver bugs where input from those subsystems is overly-trusted or not adequately validated -- of course solid drivers should never trust the hardware, even if not actively malicious, it can be horribly buggy.
Galaxy Nexus did (though that's not particularly recent).
I suspect most Tegra-based devices do -- though they introduced a combo apps/model Tegra 4i last year, which likely shares resources.
Generally if it has a standalone apps processor that's provided by a different vendor than the modem it probably does.
Even with unified apps/modem designs, some newer SoCs are designed to provide isolation between the cores, but from a tinfoil hat perspective that requires you to trust the SoC vendor (and perhaps the fab), so if you're paranoid you'd probably avoid any combo designs.
For those who understand why that's important, what do you think about CM11 on a Samsung Galaxy Player (no GSM), using wifi VPN to a cheap phone/hotspot which does have GSM baseband, e.g. Firefox phone? Or two Firefox phones, if Android apps aren't important?
Without GSM, you only eliminate the excuse for a baseband backdoor. How do you eliminate their motivation for adding the backdoor? What if they put it it another chip connected to the bus?
Some protection against malicious firmware/hardware can come from ARM's IOMMU with an open-source Type-1 hypervisor, but these are not mainstream yet.
Whatever the technical merits of Blackphone, their marketing is increasing awareness of mobile security. If they can prove demand for this category of solution, it will increase security audits of all mobile hardware & software stacks.
> their marketing is increasing awareness of mobile security
That I agree and I really hope that it works. But on that note, I don't like the name Blackphone. When I hear "black" I associate it with nefarious activities; and that meaning suggests that only those with criminal purposes need privacy.
