If software is in javascript, we can use abstract syntax tree, to deduce, if it’s a malware and automatically report any tries of malwares to be installed, and programs wouldn’t have to have file system, net, or exec permissions, but with permissions, there could be systemD deamons and simillar things…
Specifying permissions is like 7 different permissions and you could set up specific folder for applications to have access to.
Firewall that disallows specific domains as filter for kids, or even malicious content detection, or having group that blocks content can be pretty much few lines in javascript.
There’s another thing about javascript… Java Games for android, if written in Kotlin, can be compiled to javascript, atleast sort of, but with certain changes it would handle even simple node and socket to screen.
Or Chrome’s rendering engine for websites.
But anyhow, it’s much more functional than C for apps, and everything goes just right…
C doesn’t even safe processors, and assembly OP codes, can be compiled even from javascript.
Running javascript applications in QEMU, as specific application, can be really safe approach to do something.
And also, you can be host of your own web… I don’t know the phones specs, but statuses for 3000 friends, that’s something raspberry pi can handle… Photos shared without cloud, directly from your phone, or phone that’s resting at wifi at home, that’s ‘back up phone’ or something like that.