> Other commenters report that Android will silently re-enable cell data under various conditions

This is terrifying.

It's expected. The people who own the phones aren't in control of the OS and the wireless chipsets are closed/proprietary. Cellphones really shouldn't be trusted by anyone.

Correct, the baseband usually has binary blobs. Although I am curious why Google/Apple decided not to make their own baseband, given their new silicon manufacturing expertise.

IIRC Apple has tried/is trying, but it is ridiculously complex to the point that they had to go back to Qualcomm as there really is no other option. Read: The biggest tech co on the planet stumbles with this, it should be considered a magic box as this point.

Google is sort of trying by using a Samsung modem (instead of Qualcomm) with an IOMMU in between, so at least the modem doesn't have access to the whole address space like on other phones. But they get a lot of flack for it.

Armchair speculation: Patents?

so then whats the other alternative?

solder on some ESPs on an old playstation portable device and connect from starbucks?

Right now we have no alternatives, but it's not technologically impossible to create mobile devices that give us root access to a mobile OS, or to create open wireless chipsets with open firmware.

Both Android and iOS will do that when you receive a MMS.

Even if the MMS is supposedly on an intranet, it wouldn't surprise be that a poor implementation might expose the rest of the system to internet for a brief moment.

i'm almost certain i've had it happen on iOS, too. only reason i can't definitively say—is because i can't rule myself out always having to manually toggle cell data on/off, both radio-level and per-app, when i'm coming/going from my own networks to my mobile VPN.

even in roaming?