Linux phones such as the Librem 5 or PinePhone are a major degradation from alternative operating systems such as
Android or iOS. A few of the points in this article apply to the Librem 5 specifically, but the majority apply
to any Linux phone unless specified otherwise.
Linux phones lack any significant security model, and the points from the Linux article apply to
Linux phones fully. There is not yet a single Linux phone with a sane security model. They do not have modern security
features such as full-system MAC policies, verified boot, strong app sandboxing, modern exploit mitigations and so on,
which modern Android phones already deploy.
Distributions like PureOS are not particularly secure. They are mostly a reskinned Debian.
/proc
ignores
the fact that they're clearly visible in System.map;
The hardware itself also lacks many modern security features, such as
proper verified boot, a hardware-backed keystore
(some PGP smartcard is not equivalent) and more.
One way to fix the issues in software would be to install a saner OS like Android or one of its derivatives,
such as GrapheneOS, if support for the hardware were added. Keep in mind, though, that the device would still lack important
hardware and firmware security features like verified boot, so it still wouldn't be close to a normal Android device.
These devices are also not open hardware/firmware, despite what they try to imply. The majority of the
hardware/firmware is still proprietary.
Hardware kill switches are nothing but marketing frills.
The microphone kill switch is useless since audio can still be obtained via the sensors (such as the gyroscope or
accelerometer). While the Librem 5 does have a "lockdown mode" that disables the sensors, it also requires
flipping all of the other switches, including the network switches, which effectively turns your device into a brick
just to prevent audio recording.
The network kill switch is useless since the attacker can just wait until you turn it back on again to exfiltrate
data. If you need to disable network access, you can use airplane mode. Airplane mode can be disabled via a software
vulnerability, but if an attacker has those capabilities, then they can also simply sit and record any sensitive data
and eventually upload it once you re-enable the hardware network kill switch, making it no more effective than airplane
mode.
The camera kill switch can be useful as a small usability improvement but it is really no better than some tape.
Modem isolation isn't anything special. Qualcomm SoCs have isolated the modem via an IOMMU for years. The way the Librem 5 isolates
the modem is via the Linux kernel USB stack, which is not a strong barrier, as shown in the Linux
article.
There is also a lot of misinformation about how the modem being on a separate chip means it's isolated. This is
completely untrue. Just look at how FireWire, for example, can be abused for DMA while being completely separate
from the rest of the hardware. Whether or not the modem is on a separate chip is irrelevant to whether it's isolated.
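
The distinction drawn above can be checked from sysfs, which records the bus a device hangs off (`subsystem`) and any IOMMU group it belongs to (`iommu_group`). The following is an added example, not part of the original article; the directory tree and the node names `usb-host` and `remoteproc-modem` are constructed for illustration, and on a real device you would pass a path under `/sys/bus/usb/devices/` or `/sys/devices/` instead.

```python
import os
import tempfile

def describe(dev):
    """Walk a sysfs device up to /sys/devices, noting each node's bus and IOMMU group."""
    chain, path = [], os.path.realpath(dev)
    while os.path.basename(path) != "devices" and path != os.path.dirname(path):
        sub, grp = os.path.join(path, "subsystem"), os.path.join(path, "iommu_group")
        chain.append({
            "node": os.path.basename(path),
            "bus": os.path.basename(os.readlink(sub)) if os.path.islink(sub) else None,
            "iommu_group": os.path.basename(os.readlink(grp)) if os.path.islink(grp) else None,
        })
        path = os.path.dirname(path)
    return chain

def barrier(dev):
    """Name the mechanism that stands between the device and host memory."""
    chain = describe(dev)
    if any(n["bus"] == "usb" for n in chain):
        # A USB peripheral is handled by the host controller driver and class
        # drivers, so the kernel USB stack is the boundary, not an IOMMU.
        return "kernel USB stack"
    if chain and chain[0]["iommu_group"] is not None:
        return "IOMMU group " + chain[0]["iommu_group"]
    return "no IOMMU group exposed"

def build_constructed_tree(root):
    """Constructed sample tree (not captured from a real phone)."""
    def node(rel, bus=None, group=None):
        d = os.path.join(root, "devices", rel)
        os.makedirs(d)
        if bus:
            os.symlink(os.path.join(root, "bus", bus), os.path.join(d, "subsystem"))
        if group:
            os.symlink(os.path.join(root, "kernel", "iommu_groups", group),
                       os.path.join(d, "iommu_group"))
        return d
    node("platform/soc/usb-host", bus="platform")
    usb_modem = node("platform/soc/usb-host/usb1/1-1", bus="usb")
    soc_modem = node("platform/soc/remoteproc-modem", bus="platform", group="7")
    return usb_modem, soc_modem

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for dev in build_constructed_tree(tmp):
            print(os.path.basename(dev), "->", barrier(dev))
```

An `iommu_group` link shows only that the device sits behind an IOMMU; it says nothing about how tightly its mappings are configured.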