Yes, I forgot to mention all the issues of longevity and maintenance, which really are the most important reasons to buy a Linux phone.
The problem is that when you buy an Android phone, you get an integrated SoC which contains everything important (CPU, GPU, VPU, WiFi, Bluetooth, GNSS, cellular baseband, USB controller) and that SoC is only manufactured for 1 - 2 years and only gets firmware and driver updates for 2 - 3.5 years.
In contrast, NXP promises to produce the i.MX 8M Quad till Jan 2018 and produce the i.MX 8M Plus for 15 years, which means that we are guaranteed years of firmware updates, and driver updates, because NXP contributes to the mainline Linux driver. PINE64 promises to manufacture the PinePhone for 5 years, which is longer than any smartphone in history, which means that PINE64 must have gotten promises of 5 years of production from its component suppliers. Therefore, the Librem 5 and PinePhone are going to get more years of proprietary firmware updates from the component manufacturers than Android phones will get.
In addition, some of the FOSS drivers are maintained by the manufacturers themselves, such as NXP and Redpine Signals for the Librem 5 and RealTek for the PinePhone. Because all the drivers in the Librem 5 and PinePhone are FOSS, they can be maintained forever by the community. As long as the community cares about the hardware, there will be Linux drivers. The Linux kernel still contains drivers for the Intel 80486 which was released in 1989.
With the Librem 5, you get a promise of lifetime software updates and Purism can make that promise because so much of its software is maintained by a larger community. Purism has to do a lot of work to use the GTK/GNOME ecosystem and adapt all those desktop GTK apps to run on mobile, but once it is done, it will be very easy to maintain, because it can rely on the larger community and all the companies that contribute to GTK/GNOME, like IBM/Red Hat, SUSE and Canonical, to provide updates to the software. Because Purism’s goal is to upstream its changes to a program like GNOME Contacts, the maintainers of that software will keep providing it with updates. Purism is getting as much of its software as possible to be adopted as official projects of GNOME, such as libhandy, Chatty and Calls, so they will keep getting updates from GNOME. There will be very little that Purism has to maintain alone (Phosh, Phoc, haegtesse, Squeekboard, etc.) and the fact that software is being ported to the PinePhone and every future Linux phone, means the Purism will probably have volunteers to help it.
Purism chose to adapt existing desktop software that already has maintainers, so it has little of its own software to maintain in the future. Because of that strategy, I think that GTK/Phosh will be more maintainable than KDE Plasma Mobile which has a lot of its own mobile apps to maintain, and KDE has less corporate support than GNOME. Ubuntu Touch by UBports, LuneOS, Sailfish OS and Firefox OS/KaiOS have a lot of siloed code which will require huge amounts of work to maintain. Basically Purism chose to invest a huge amount in the present in software development, in order to have the most maintainable system in the long-term.
Now let’s compare what happens, with a de-googled Android phone. First of all, just figuring out how to unlock the bootloader on many Android phones is a nightmare. Only ASUS, BQ, Essential, Fairphone, LeEco, Google, OnePlus, Razer and WileyFox allow the bootloader to be unlocked without requiring authorization from the manufacturer, and Huawei and Apple literally make it impossible. If you have the bad fortune to buy a phone sold by a cellular provider like Verizon, then it probably is also impossible if the phone can’t be cracked. To see how evil phone makers can be, read my article, “Why we don’t own our mobile phones”.
Once you figure out how to unlock the bootloader, and you install an AOSP derivative like LineageOS, then it is a total crap shoot how well it is going to be maintained in the future. You are depending on volunteers (often just one or two for many phone models), who are trying to figure out how to make the latest AOSP version work with an ancient kernel, firmware and drivers that haven’t been updated in years, and they don’t have NDA’s with the component suppliers to get any code updates or component information.
If you buy a OnePlus, then you are pretty much guaranteed to always have a good LineageOS port that you can use, because there are a ton of LineageOS volunteers and OnePlus actually works with the community, and always uses a Snapdragon processor (which is the best supported of the mobile SoC’s). If you buy anything else, well you have no idea what you will get. Google and Sony are a little better than the other manufacturers, but their models don’t have as many volunteers working on them as OnePlus. Everything else is highly sketchy. You might get LineageOS ports, but something always seems to not work right. Whenever something doesn’t work, you will waste hours trying random fixes that you read on the xda-developers forums, and maybe you will get lucky, but probably not.
The volunteers at the AOSP-derivative projects are often working in the dark after the phone makers stop releasing firmware and driver updates for a phone model. Many mobile SoC’s like Qualcomm Snapdragon, MediaTek Helio, UNISOC, Samsung Exynos, HiSilicon Kirin and Xiaomi Surge don’t release their documentation without an NDA. Virtually all WiFi/Bluetooth and cellular modem manufacturers require NDA’s just to access the documentation on their chips. The only SoC manufacturer who can really be relied upon is Qualcomm, because it publishes all its commits in Code Aurora, whereas MediaTek and Samsung only occasionally give extra info, but mostly just do the bare minimum code dump required by the GPL.
When using an AOSP-derivative, you get a very outdated kernel. It takes Google a while to apply its changes to mainline Linux for Android, and then it takes phone manufacturers a while to release a phone model for an Android version, and then it takes volunteers a while to port LineageOS to that phone model.
By the time, a good LineageOS port is ready and fully debugged, you are probably buying a phone that is already 1 year old. For example, if you buy a new phone today, you are probably going to get AOSP 9 (released on 2018-08-06), which supports Linux kernels 4.4 (from 2016-01-10), 4.9 (from 2016-12-11) and 4.14 (from 2017-11-12), so you are using a Linux kernel that is 2.5 - 4 years out-of-date.
Google doesn’t require Android phone makers to upgrade their Linux kernels when upgrading Android, and most of the LineageOS ports just use the last kernel provided by phone manufacturer, because it is black magic to try and understand how everything works at that level, since there is no way to get any info/firmware/drivers from the component manufacturers. So if you have a LineageOS phone that is 3 years old, you are probably using a Linux kernel that is 5-6 years old.
Let’s say that you won the lottery and bought a phone model that is still getting good LineageOS ports with recent versions of AOSP. With PureOS/Phosh, you just type
sudo apt dist-upgrade and it all upgrades automatically. With LineageOS, you copy all the essential info over to your PC. Then do a clean install and then copy all your essential data back over to the phone, and it takes you hours to get everything back to the way you want it. You get a new version of AOSP, but you still have that same ancient kernel as before.
Now let’s compare what happens when your hardware breaks. If you bought a Fairphone or a ShiftPhone, then you are in luck. Otherwise, hope that iFixit has parts for you, because the Android phone manufacturer wants you to buy a new phone and sees no reason to help you fix your phone. We will see how well Purism will do on providing parts, but PINE64 is already selling parts for the PinePhone.
Let’s say that you are paranoid that big brother is spying on you. The community can review all the source code for everything in the root file system for the Librem 5 (and everything but 3 Realtek firmware files for the PinePhone) to make sure that nothing evil got slipped into the code. When you decide that you want to go hunting for spy chips from the Chinese government, you can go look at the schematics for your Linux phone, but no Android phone provides schematics because they are based on copyrighted reference designs from Qualcomm, MediaTek or UNISOC which the phone makers aren’t allowed to publish. If you are really paranoid, you can look at Purism’s x-rays of the PCB’s, and x-ray your own PCB to make sure that they match, since the Chinese government was reportedly slipping spy chips inside the laminate layers in the PCB in Supermicro servers.