While I was still using an Apple iPhone (until 2016), I too felt safe. The way that Apple and won the Apple–FBI encryption dispute (https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_dispute) made me feel that way. That event and the way it played out built up a great sense of trust.
As bitcoiners say; Don't trust. Verify.
Unless I can see and verify the open-source code, I do not trust any of it, and neither should you.
I can foresee a future where that bitcoiner slogan will be expanded to be, "Don't trust. Verify. Compile. Reproduce", or something along those lines.
Just being able to see the source code that is supposedly running on your device is not enough. You need to be able to prove that it is. The best way to prove this would be to compile the source code yourself and load it to your device by way of a flashing process or something similar.
GrapheneOS' method of performing hardware-based attestation is brilliant; https://grapheneos.org/install/cli#hardware-based-attestation. I do trust GrapheneOS because I could do every step of Don't trust. Verify. Compile. Reproduce. I use GrapheneOS as the primary OS on my mobile phone and I recommend their product to anyone every chance I get.
I would love to agree and it sounds great. But in this approach I fail in “verify” due to my lack of skills for that, so I can either learn it (very unlikely) or to choose to trust to someone (could be you or other helpful guys here), or Tim Cook 😁
As a lay person in this, I would only have dumb questions like which phone brand to choose and which cloud or way of storage to use.
I wouldn’t know where to start.
You're absolutely right about needing skills to verify it properly. It's very technical. I was a network engineer in my career job, so the extreme technicalities did not scare me away from trying it.
I tried it, not knowing if I would succeed. I did finally succeed in getting it all set up, but I feel that it took way too long, the process was very difficult, and there is a steep learning curve on figuring out how to use GrapheneOS once you've got it installed.
You could lean on someone technical to set it all up for you, but me knowing how difficult it was, I know you can't lean on me personally to do it for you. I say that because even if I set it up for you, I would not be able to handle responding to any technical questions that surely would arise afterwards, I'm already feeling overwhelmed with everything else in my life that I'm behind on. The entire OS has many quirks which require more research, more time, more fiddling with, in order to get it working properly.
It's certainly not for everyone.
Not doing it yourself requires that you trust someone else to do it for you, or to have a Help Desk that can open tickets, answer questions, troubleshoot problems for you as they happen. This is why mega corps like Apple are good for many people, but as long as Apple does not open-source their code, I know I will not use Apple since I'm 100% open-source only from now on.
My only advice would to challenge yourself by buying a Pixel phone (7a or better) and consider it to be your boredom-ending tool. You'll never be bored ever again as long as you own one. If/when you ever feel a tiny bit of boredom, use that time to learn the next thing about what your GrapheneOS phone can do, or read any open Issues you see on their various repositories on github (https://github.com/orgs/GrapheneOS/repositories?type=all) and think about ways to tackle those problems or even propose solutions to them.
