If device security and privacy came down to just the OS, then Android could be secured by a group of like minded individuals. The problem isn't the OS but the hardware and the firmware that drives it. Android's radio image is proprietary and out of public view. This means there are going to be undetectable processes running on your phone regardless of what OS you load. So unless these guys are building their own chips and writing their own firmware, how can they guarantee privacy?