According to signal facts all the have is your phone number and and the date you signed up for the service and the last day you connected to the server. IP address are not logged or stored the do t have access to it and signal has said this everytime the get a warrent for user data. So yes it is possible to have a secure service that doesn't collect IP addresses but yes the do have some limited data so you are correct.
I would have gotten a 3rd party device but had to opt for the steam deck because of tracpads if it has no tracpads I am not buying it because allot of my games require tracpads.
Understandable I keep my phones for 2 years only, 1 year now with my 7a just had to replace a cracked screen and installed a new battery so good for another year.
I think it's great seeing other company's ship Steam OS I exclusively only play games on my OLED Steam Deck since I bought it. Just simple download and play no issues but I am a outlyer I haven't used Windows in 15 years only Linux.
So after more research linage OS and calyx only allow Micro G apps to spoof and the verify via the app signature key the are signed with to verify this is the only way LinageOS would agree to adding micro G support so it is secure but still makes me feel unsafe at least to me just my opinion but yes it can be done securely I would use Linage OS with Micro G if the supported relocking the bootloader I know pixels support this but requires you to build your own version from source of linage and the sign your device with your own key that you also sign your build with as well I think I'll stick with GrapheneOS.
Then buy a newer one with longer support this will always be a issue since the support window is the same as Google. Once a manufacturer stops updating drivers and device firmware the said device can no longer effectively be secure because any exploit in the drivers or firmware will forever go unfixed compromisimg the devices security. Doesn't matter what devices you buy this will always be the case it just depends on what your personal threat model is.
Correct but GOS reverses alot of Google patches like always on voice requires kernel privalage it is disabled on GOS etc. But kernel level signature spoofing gives way for a malicious app to spoof as micro g and infect your device and you would never know because micro g requires the same thing to function it is making itself look like Google when it is not google. So using microg opens your device up to allot more ways for it to be compromised and also makes it harder to detect or notice once it is compromised. For me the security risk of kernel level spoofing is way to high to use on a production device used everyday. Also I trust neither Google or microg I only use Foss apps I don't have Sandboxed play services installed at all I just don't use Google anymore.
No because the data is encrypted especially on Graphene OS and even on stock pixel phones data at rest is fully encrypted and pixel phones also have a onboard security chip as well. So unless you can unlock the user data it would be useless. That is why a locked bootloader is so important it is needed to ensure at rest encryption its a requirement for it.
I use GOS and agree with you completely some of the things GOS has done and said in the past should have never happened and hurt GOS more than it helped it. Also on the micro G front You are correct still being debated but as long as Micro G is signature spoofing it is my opinion it is not secure as signature spoofing requires kernel changes that in fact weaken Android's security model.
GOS Supports the pixel devices for the same amount of time as Google hard to keep a device secure once drivers are no longer being updated. But with Google extending support for pixel 6 and 7 series and the new 7 year guarantee on pixel 8 devices and newer this isn't really a concern anymore. So pixel 7a and fold will be supported until 2028 and Pixel 6 and 6 pro until 2026 pixel 7, 7 pro, and 6a until 2027. Seems like plenty of time for support and that means as long as Google supports it so does GOS.
Once LinageOS is installed your bootloader is always unlocked so anyone who finds your phone if lost owns it. GrapheneOS and a few other ROMs I forget the names of allow the bootloader to be relocked keeping android security model intact allowing the device to still be secure.
This just seperates it into a secondary profile but all apps in your main profile are already sandboxed as well the only apps that are not sandboxed are system apps such as Play services. But you could use the app in a work profile(shelter) under a seperate Google account that would add a bit more anonymity. But android default app sandbox could be more secure there are other custom ROMs that do just that making the regular app sandbox even more secure.
Here is more information on how each android app is sandboxed(except Play Services)