I don’t like so called smartphones (flashy devices to mine your data and other reasons) but my regular no touchscreen phone’s microphone is no longer working as it should, making conversations difficult.
Enter a smartphone I received as a present, my phobia (for lack of a better word) to smartphones and my (misguided?) obsession with privacy: I don’t want to use this smartphone as my default phone because I’m scared the carrier, ISP or google are going to mine my data and trace my calls.
Which might be an overreaction, because each time I use my regular cell phone, the carrier knows when I’m calling from, who I’m calling and how long the call lasts.
So I ask you: how much more data would I be leaking if I use my new smartphone for calls only, compared to a regular, no touchscreen phone?
Your concern is well reasoned. A smartphone is a much larger risk surface compared to an application specific dumb phone. Running an entire operating system, increases the number of exploitive holes you could be running it anytime. You’re almost guaranteed to be running at-risk software.
You can mitigate that risk, by using graphene as people have discussed. But if you truly don’t care, get another dumb phone. It’s hard to exploit the remotely, it’s hard to install software remotely, Pegasus doesn’t try target them. It’s a smaller risk surface.
That being said, if you want some of the benefits of a smartphone. You can do so limiting your risk surface. Run stock Android, or graphene,. Make sure you’re okay with the permissions you provide. And most importantly keep your software up to date. That’s a reasonable level of paranoia versus utility trade-off