Linux phones such as the Librem 5 are a major degradation from Android/iOS. They lack any proper security model and
are ridiculously insecure. The points from the Linux article apply to Linux phones fully
and there is not yet a single Linux phone with a sane security model. They do not have security features such as
full system MAC policies, verified boot, hardened kernels, strong app sandboxing etc. that modern Android phones do.
Distros like PureOS are not secure at all. They're mostly a reskinned Debian. They enable AppArmor but most
processes still run unconfined so it's mostly useless. They change a few security-relevant
settings but these are also mostly useless as they don't even apply the exec-shield patch so that sysctl
doesn't exist, disabling kexec is to prevent root from booting a malicious kernel but root can do so many other
things to modify the kernel such as loading a kernel module, hiding kernel symbols from /proc ignores
the fact that they're clearly visible in System.map and finally, disabling source routing is already a Debian
default. PureOS also uses linux-libre which prevents you
from loading any firmware updates and the Librem 5 prevents you from even flashing
new firmware manually which leaves you with insecure firmware with known vulnerabilities.
The hardware lacks many modern security features like
proper verified boot, hardware backed keystore
(some PGP smartcard is not the same) and more.
Although, one way to fix the issues in software would be to install a more sane OS like Android or its derivatives
such as GrapheneOS if support for the hardware was added. Keep in mind though that it would still lack important
hardware and firmware security features like verified boot so it still isn't close to a normal Android device.
These devices are also not open hardware/firmware unlike what they try to claim. The majority of the
hardware/firmware is still proprietary.
Hardware kill switches are nothing but marketing frills.
The microphone kill switch is useless since audio can still be gotten via the sensors (such as the gyroscope). While the Librem 5
does have a "lockdown mode" that disables the sensors, it also requires flipping all of the other
switches, including the network ones which effectively turns your device into a brick just to
prevent audio recording.
The network kill switch is useless since the attacker will just wait until you turn them back on again to exfiltrate
data. If you need to disable network access, you can use airplane mode.
The camera kill switch can be useful as a small usability improvement but it is really no better than some tape.
Modem isolation isn't anything special. Qualcomm SoCs have isolated the modem via an IOMMU for years. The way the Librem 5 isolates
the modem is via the Linux kernel USB stack which is not a strong barrier as shown in the Linux
article.
There is also a lot of misinformation about how the modem being on a separate chip means it's isolated. This is
completely untrue. Just look at how FireWire for example can be used for DMA yet it's completely separate from
the rest of the hardware. Whether the modem is on a separate chip or not is irrelevant to if it's isolated.