So could your Android phone - even if it runs GrapheneOS. How do you know that GrapheneOS isn't a CIA project like ArcaneOS that won't push a sneaky software update to your device? You don't and you never know, so it's not really fair to target Apple for this. You will always be vulnerable to such an attack no matter what you choose.
The only true secure option is to build the source yourself, sign it with your own keys, and run it. Assuming you can read all the code and make sure its safe, and read all the code on your compiler to make sure that is safe. And you'll still need to trust the Google-signed bootloader code, which totally hasn't had suspicious custom builds released previously (ArcaneOS?)
The only true secure option is to build the source yourself, sign it with your own keys, and run it. Assuming you can read all the code and make sure its safe, and read all the code on your compiler to make sure that is safe. And you'll still need to trust the Google-signed bootloader code, which totally hasn't had suspicious custom builds released previously (ArcaneOS?)