Doesn't the fact that mobile phones have an extra closed-source baseband OS that can control the phone on a lower level than the secondary OS (Android) make any attempt at securing the secondary OS pointless? I mean, the baseband might have a keylogger and send all your data to your provider anyway...