Most smart phones are considered pwned-by-default due to the inclusion of the 3G/4G/whatever chip you have no control over.
Of course, there's the whole issue of distributed trust by way of pre-loaded X509 certs but there are some relatively secure ways around that (keybase, meeting in person and swapping PGP keys, etc) that would move the goalpost far enough to where it might not even matter any more.
Does anyone know anything that's close to this? basically a phone that only uses SDR for connectivity?
Not exactly what you’re after, but the Librem 5 (crowd-funded, at the head-scratching stage) aims to put the baseband processor in an optional M2 slot with killable power. On a device that runs Debian. From following progress on that project I’ve got the impression that everything to do with chips for mobile connectivity are so patent/IP-law encumbered that there’s little hope for Free Software replacements.
However, hacking on that handset is the best chance I’m aware of for you getting the device you want (perhaps with something else in the M2 slot).
If that comes true I am definitely getting one.
Legalities and options
The GSM spectrum is very expensive private property. You may not transmit (or even receive) in GSM bands without permission. In the UK, it is an offence under the Wireless Telegraphy Act to transmit on licensed bands without permission and furthermore intercepting GSM without a warrant is an offence under the Regulation of Investigatory Powers Act.You should apply for a licence (example from OFCOM below) before commencing GSM testing and will also need a faraday cage to suppress radiation. (For these reasons, GSM interfaces get less scrutiny than TCP/IP for example).
In the meantime, it's better to use a phone that gives you control over the cellular modem (if you still need the modem), as "confounded" suggested (with the Librem 5). Other phones similar to the Librem 5 are also specifically designed to ensure the modem is not doing anything unexpected, such as the Neo900: https://neo900.org/faq#privacy - "Unlike some other smartphones do, Neo900 won't share system RAM with the modem and system CPU will always have full control over the microphone signal sent to the modem. You can think of it as a USB dongle connected to the PC, with you in full control over the drivers, with a virtual LED to show any modem activity."
Regardless of which of these you choose, you can already separate your phone number from your SIM card with projects like https://jmp.chat/ so you don't need to use a cellular modem just to send/receive SMS/MMS and calls if you happen to be around wifi already. And you get other nice features like voicemail auto-transcribed and delivered as text by default, too (see https://jmp.chat/#voicemail for details).
So I'd start by using https://jmp.chat/ with your existing phone and phone number, then switch to new phones/modems as the modem separation gets better.
There are some hardcore GSM hackers slowly assembling the parts for this: http://git.osmocom.org/
By the way this read has resuscitated an old fantasy of mine: adding an indirection layer to my mobile phone presence.
After this testing I am finally sure I can leave my SIM card at home and just use a regular internet connection to poll messages from home. My bigger fantasy is to be able to proxy calls too, so that I can finally leave this third-millennium-leash (my phone) at home.
With https://jmp.chat/ you don't need a SIM card at all - you just login to your phone number with an XMPP client (SMS/MMS) or SIP client (voice) and use it wherever you have an Internet connection. If you only want to use it at home, you can just use wifi and don't need to pay any cell carrier. But if you do want access to your number away from wifi, you can get a cheap data-only plan and use XMPP/SIP clients on your phone too. It's always up to you if you want to be tracked - you can turn off your phone('s modem) and use your number only over wifi whenever you like.
And it's easy to transfer your existing number into JMP - see https://jmp.chat/#existing for details.
I dream of a solution where I just put a SIM in and I am good to go (go as in "go away from the physical location of my sim card"). SMS will be forwarded to my email inbox and upon receiving a phone call it will be forwarded to the computer I am currently using via some protocol (SIP/webrtc?). Whether such computer is a mobile phone connected to the internet via a cellular modem or a laptop connected via some wifi that should not matter.
This should work with my current SIM card and with whatever other SIM card from any provider.
And BTW FYI: JMP does not work in my country. Please stop assuming everybody is from the US.
Please, tie yourself to Google a bit more.
In fact, I mostly just text from my computer instead of picking up my phone and texting from there.
How phone numbers / phones work: https://www.youtube.com/watch?v=FZsajM6M3UY
How to buy a block of phone numbers: https://www.siptrunk.com/2015/12/how-to-find-did-number-bloc...
I'm trying to do a thought exercise on how I might approach building a Twilio side project, but after I buy phone numbers from sipTrunk, I wouldn't know how to connect it to sim cards.
What the linked post here talks about is using a device that's basically a mobile phone in a USB stick form factor to send and receive SMS like you'd do on a mobile phone. You buy a SIM, insert it into the device, and start texting. That's the other side of what your Twilio project would do.
Edit: Or https://www.qosmotec.com/ireg-test-automation-remote-ues-cen...
It's in the middle of the ground/machine floor of a large building, so there's a lot of thick concrete walls around, but it gets a good signal and reliably sends SMS alerts to me.
Edit: and a repository of modems that can send SMS on Linux is here :P https://wammu.eu/phones/
That said, I recently switched to AM from Pulse (which also has a webui). I quite liked Pulse, but the web interface had a lot of trouble staying in sync, plus it requires a subscription to use the web interface. Also tried MightyText, but $7/mo is ridiculous and it also had sync issues. Android Messages seems to have really nailed sync across several devices, which is pretty important to me.
Keep in mind it is common (at least in EU) for mobile providers to forbid M2M and M2P traffic when using typical customer tariff plan, especially ones with unlimited messages. It's quite easy to detect it and SIM cards used in such way are blocked rather quickly.
Granted, this was on OpenWRT using a frozen version of smstools and largest issues were with trying to get Å, Ä & Ö to work (fun times with UCS-2/UTF-8/WTF-8 and Latin1/CP-1502/ISO-8859-1). It sure was an experience and in the end, the problem was blown away by just using UTF-8 (which had the unfortunate side-effect of doubling the amount of sent messages due to the space taken by the encoding).
What puzzles me is how easily large entities go for services that send from a random phone number (for example, VR in Finland sends "mobile train tickets" via random numbers that change with every message) where as some opt to "fake" the from number to have the company/service name.
There's a reason why various VoIP providers have APIs and bulk SMS rate pricing.
Curious if anyone else here has tried this as well...