
And yes, this nonencrypted shit is totally insecure.


While the never-fixed 0days on Android are completely secure.

And let's not forget the several no-click attacks that can root your iPhone with a message :)


How can you compare iOS or Android security with desktop Linux security?

Have you checked what it takes to achieve those 0-click root exploits on iOS or Android compared to a desktop Linux distro?

Not even in the same league.


Have you checked the time it takes Apple or any Android vendor to fix anything vs the time it takes a Linux distribution?

Months vs hours.


Sounds like a vendor issue also present on desktop. Just get a Pixel and enjoy first-class update support with GrapheneOS.


What makes you think it's not encrypted? https://wiki.postmarketos.org/wiki/Full_disk_encryption seems to indicate that support varies a bit by device but it's perfectly doable.


Note that the initramfs is stored without encryption or signing. So while your data won't be leaked when your phone gets stolen, it should be considered compromised if you get it back.


Sure, lack of secure boot is a tradeoff. Of course, by the same token you can just reflash the boot partition and fix that.


How does flashing work, who controls the writes? I remember reading about hacking the controller of an SD card to override the read/write functionality.

I think if the bootloader is overwritable, it could lie to you about reflashing the boot partition...


It varies by device. Obviously something has to handle writes, but generally it's a lower stage that isn't easily writable itself.



