
> binary blobs

Was a concern with Pinephone but doesn't seem to be the case anymore from what I saw. (referring to modem)



The Pinephone is just like every other phone in this respect. The baseband runs a closed blob that talks to the SIM and can send arbitrary SMSes of its own accord.

There are no viable fully open source phones in existence today, particularly the baseband.

The more practical question is around whether those binary blobs can take over your OS, not just do things behind its back. This is what sets apart devices like the Pinephone and Apple M1 Macs (which make an effort to isolate blobs from the main OS running on the AP) from typical Android phones and Intel PCs (which have blobs in hyper-privileged positions that have full access to the entire system).

Yes, I'm putting Apple M1 machines on a similar level as the Pinephone in this respect. How well designed a device is from a security/privacy perspective is tangential to whether the manufacturer markets themselves as an open source friendly company. It turns out Apple have done a great job making sure even their own blobs aren't allowed to take over the system. Once you run your own OS on an M1 machine, you're in a similar security position as on a PinePhone (though not exactly the same; M1s run more blobs, e.g. the display controller, so in principle a colluding set of malicious blobs could do more damage that way, but they still wouldn't be able to directly compromise your OS's execution).


I would put the Librem 5 in this category too. The baseband is treated as untrusted, and isolated in every possible way from the application processor.


Can that closed source blob be bypassed and still allow compatible communication with carrier networks? Or is there some IP or contract nonsense that allows Qualcomm this stranglehold?

This seems like exactly what we dealt with in requiring phone companies to allow dialup modems to connect to whoever the customer wants, and so on. Seems shady as hell.


There are significant regulatory issues involved. In principle it's possible (see OsmocomBB), but the legal hurdles around actually having user-controlled basebands in a shipping product are significant.

Of course, nothing says the baseband couldn't be open source, and even if codesigning is involved, the manufacturer could sign verifiable builds that can be reproducibly built. That should solve all regulatory concerns while still allowing users to inspect the baseband firmware for flaws or backdoors.

But, of course, no actual baseband manufacturer cares about that.


Besides the technical difficulties (trying to reverse engineer the modem internals and reimplement the firmware with no clear reference; likely encrypted and signed firmware; etc.), there's a good chance there are also legal issues.

If the hardware itself is capable of operating outside of its license (frequencies, modulations, etc), then various certifications from the FCC would likely be invalidated by replacing the firmware and it would become illegal to operate.


Most likely the blobs are signed/encrypted and the modem ensures that before running them, so without them it wouldn't work.


I guess I was thinking more in line with SDR or FOSS hardware and not using Qualcomm at all. I need to do a deep dive, but it looks like there's a couple of FOSS 4G LTE and 5G modems around - maybe running a soft phone and personal VoIP setup would bypass a lot of the security concerns.

It sucks that any time you start to inspect almost any tech, there are assholes trying to exploit every last bit of data and microamp of processing power to screw you in some way.


SDRs are for research and base stations. Trying to do a mobile phone based on an SDR stack would eat through your battery in minutes. You need dedicated silicon.


I believe mobile radios are effectively narrowband SDRs, optimised for the application. Hence the concerns around firmware and FCC certification.


Kind of, but they are built around DSP architectures with dedicated hardware accelerator blocks. It's not the same thing as GNURadio.

Base stations are often built out of more generic SDR tech, and those do chew power like crazy.


How do you know this for certain about M1s?


Nobody knows anything for certain about literally any consumer hardware in existence, because silicon is not end user introspectable. If you want to go there you have to look at Precursor (which uses an FPGA and can make the claim that a backdoor is infeasible in that architecture).

But what we can say is that we know that Intel has hyper-privileged backdoor modes and coprocessors, while every single thing I've seen so far about the M1 indicates it was carefully designed to isolate all coprocessors from the main CPU. Everything is either behind an IOMMU or can't do DMA at all or has some other form of address filter. And knowing what I know about Apple's security posture, it's entirely logical that they designed it this way.


In case you didn't know, marcan is the project leader of Asahi Linux (an Apple Silicon Linux port).


Does it allow disabling STK apps out of the box or just with modified Linux on the Quectel? Are there any details?


I don't know about that, here is more info:

https://www.pine64.org/2020/01/24/setting-the-record-straigh...

> In short, unless you explicitly send data to the modem, it is never in contact with the blobs running inside it. The modem cannot send any data to the phone unless phone is willing to receive it

I guess there are some legal concerns with open source modems

http://wiki.openmoko.org/wiki/Open_GSM_modem


You can't disable STK applications: They are an integral part of the SIM card. If anything, you could hide the user-facing icon, but that wouldn't do anything about any background processing the applications might be doing.

However, they can only interact with the baseband in any case: While that still allows extensive tracking and potential mischief (like making expensive calls on your behalf), this is nothing your phone provider can't already do, i.e. knowing where you are and billing you arbitrary amounts for services you might not have initiated (when on postpaid).



