First, stay away from Qualcomm-based phones. In them the baseband controls all physical memory, as documented in the Replicant project, and thus has control over the application processor (the "unix computer").
Ok. So what I am shooting for is a firewall between the baseband processor and the application processor, and I was indeed correct that in a "real" mobile phone there is a lot of bleeding between the two.
Second, even Infineon-based phones are not completely safe; however, you can use Replicant on the Nexus S, and thus there are no proprietary binaries (on the Unix side) and less risk of meddling from a third party. However, this won't prevent a baseband exploit from doing evil stuff. In addition there are Android vulnerabilities constantly appearing; the last one, as you may have heard, concerned the SGS3's NFC stack.
Well, that is why I said "unix computer" and not specifically android - if I am running a computer (like a samsung galaxy player) then I could do something besides android, and perhaps gain quite a bit of control.
Finally, the scenario you suggest (connecting a 3G USB modem to a computer) seems very impractical, although it adds a layer of safety since the microphone will be fully under the control of the system you trust. However, battery life will probably be very, very short as compared to your current 2G phone.
Yes, ok. Battery life is bad, as well as the physical logistics of connecting a full sized USB dongle to a micro-USB port, etc.
By the way, as documented in presentations at CCC, Blackhat, etc., GSM networks are not safe; there are multiple vulnerabilities ranging from offline decryption of comms to active MITM attacks. 3G networks use stronger, mutual authentication and do not suffer from this. In several phones, such as the Nexus S, you can force the network mode to 3G only and therefore have a better level of security.
Yes, but the real trick I am interested in is isolating (or at least controlling) the interaction between the baseband processor and the application processor. Using a computer with a USB dongle gives me that control ... would I have that same level of control if we had free software running on the baseband processor, or is there still additional bleeding possible simply by virtue of being built into the computer?
Also, just for my own notes, what is the industry term for "making changes to the application processor side of a customer's handset"? I have heard of some regular examples of how carriers update things and enforce changes to phones in this way (or relock them?), but what is the term for that behavior?
Thanks.
John Case wrote:
the real trick I am interested in is isolating (or at least controlling) the interaction between the baseband processor and the application processor. Using a computer with a USB dongle gives me that control ... would I have that same level of control if we had free software running on the baseband processor, or is there still additional bleeding possible simply by virtue of being built into the computer?
In a smartphone it's almost not possible to distinguish the "computer" from the "GSM modem" anymore, because of how the hardware is constructed, so yes.
what is the industry term for "making changes to the application processor side of a customer's handset"?
Maybe you're looking for FOTA - Firmware Over The Air?
//Peter
On Thu, 4 Oct 2012 00:32:48 +0200 Peter Stuge peter@stuge.se wrote:
John Case wrote:
the real trick I am interested in is isolating (or at least controlling) the interaction between the baseband processor and the application processor. Using a computer with a USB dongle gives me that control ... would I have that same level of control if we had free software running on the baseband processor, or is there still additional bleeding possible simply by virtue of being built into the computer?
In a smartphone it's almost not possible to distinguish the "computer" from the "GSM modem" anymore, because of how the hardware is constructed, so yes.
In some yes, in some no... it depends on how the smartphone was designed:
On one end, in some smartphones (Openmoko GTA02, Golden Delicious GTA04), the baseband is isolated (though on the GTA04 it has access to a GPS with no antenna, so it can't work). And on the other end there are smartphones with a Qualcomm system on a chip, where the modem and the CPU are in a single chip: the modem part has the audio DSP connected to it, and the GPS. And the baseband uses shared RAM memory and shared NAND (if I remember well)... And I'm not sure, but maybe the baseband is even needed for booting the main CPU...
There are also systems in between, like the Galaxy S/Nexus S, that use shared memory but do not have the other problems...
Denis.
baseband-devel@lists.osmocom.org