Could it be that the processor sends data from the camera/microphone to the Qualcomm/Mediatek servers, bypassing the system? Is it possible to find out about this by checking the traffic leaving the device? Are there any studies that have done this? If this happens, then even GrapheneOS becomes mostly meaningless.

  •  The Doctor   ( @drwho@beehaw.org ) 
    69 months ago

    The thing about the hardware (radios, in particular) built into Android devices is that, by and large, they’re SDRs. They must load firmware blobs for even basic operation. It wouldn’t be too difficult to backdoor that because there are no public tools for writing or debugging the firmware, and it wouldn’t surprise me if some of the better firmware was written in straight assembly (for that radio’s microcontroller).

    That said, it’s far easier to implement surveillance attacks from the application level. Much better return on time spent for the attacker, too.