Even open source operating systems have closed source components, and unless you're in charge of the entire distribution chain you can't be source used to compile it was the same that was shared with you. On top of that most devices have proprietary systems inside of their hardware that the OS can't control.
So it would be better to say "this has been a risk by using modern technology".
"Things are currently bad, therefore give up" isn't satisfactory.
Even if everything is imperfect, some things are more imperfect than others. If each component that makes you vulnerable has a given percent chance of being used against you in practice, you're better off with one than six, even if you're better off with none than one.
Just to add to this: trying to compile an open source Android distro is a tricky proposition that requires trusting several binaries and a huge source tree.
Moreover, having a personal route to digital autonomy is nearly worthless. To protect democracy and freedom, practically all users need to be able to compute securely.
There's a classic Ken Thompson talk about Trust where he shows how a compiler could essentially propagate a bug forward even after the source code for that compiler was cleaned up.
It's a concept that relies on a great deal of magic to function properly. The binary-only compiler we have must insert code to propagate the infection. To do so it must know it is compiling a compiler, and understand precisely how to affect code generation, without breaking anything. That... feels like an undecidable problem to me.
sure it's undecidable, you can reduce a decider for the word problem to that pretty easily, but in practice you probably only have to recognize a few common compilers to do a good enough job
But the viral property that makes this attack so insidious is, in the end, not sufficiently viral: the compiler will eventually drift away (as a consequence of it being developed further, of course) from the patterns it recognizes. The attack is not as dangerous as it sounds.
I'm not really arguing that too much, since it's a pretty elaborate and finnicky thing ultimately, although I would wager to say that you could probably find patterns to recognize and modify clang/gcc/other relatively stable compilers for a long time to come (assuming no active mitigations against it)
On most hardware, the closed source components are optional.
For example the only closed source component that I use is the NVIDIA driver, but I could use Nouveau, with lower performance.
The real problem is caused by the hardware backdoors that cannot be controlled by the operating systems and which prevent the full ownership of the devices, e.g. the System Management Mode of Intel/AMD, the Intel ME and the AMD PSP.
On most hardware, the closed source components come pre-installed. Just walk into any store and find a phone with a verifiable open source distro.
The real problem is that most people don't have the knowledge to compile a distro and load it onto a phone. Most people don't even know that's a possibility or that the distro on their phone isn't open source.
So it would be better to say "this has been a risk by using modern technology".