I would like to buy one of these phones with the intent of installing ASOP or lineageOS. I don't mind maintaining the kernel branch myself and backporting fixes. I understand that there are proprietary blobs that run in userspace but I would trust these as I would get them from Snapdragon's official BSP website: codeaurora. I would remove anything that isn't necessary.
Since I am very nice in this field, I had a few questions:
1. Is it possible for Xiamoi to place a hardware backdoor? Or would this be near impossible to do at a large scale especially when using an American SoC?
2. I notice that the firmware for various chips are loaded from the Android image on boot. I assume this is because it's cheaper and allows firmware to be updated. Are there any components in a normal phone where the firmware in some read only flash? This would mean flashing a new ROM/OS would not remove this firmware.
Please note, I am looking for reasonable security. I am not a target in any way so it's unlikely I would be targeted specifically. I just don't like the idea of backdoors and/or malware calling home.
