Where is the secure element? Where is the pointer authentication? Where is the secure boot?
>no proprietary chips
The device uses a Xilinx XC7S50 which is proprietary.
>Oh, you "trust" large manufacturers.
Yes, I do trust large manufacturers. The probability that someone makse you a custom phone to compromise you is practically 0%. The chance they do it via a visible hardware change as opposed to a software change is 0%. If you are that paranoid why not worry about trusting Xilinix in producing a custom bitstream when it sees you trying to synthesize this chip. Fortunately reality is more boring and these companies aren't out to get you.