basically you are saying that you'd have to treat the cell phone as simply a transport, only, and never a data entry or even data display device. it should not even be part of any encryption system other than normal cell or wifi. assume it's weak and just consider it like UDP (lol). do all your data entry, display and encryption outside of the phone and the phone simply gives you a wifi AP.
if you think about it, that's a huge waste. such power and display, being ignored and using it just to convert cell rf to wifi rf. in fact, there are boxes that do that cheaper and better. you could get a $30 battery 'travel router' and have cell rf via usb and wifi also over another usb port. that gets you raw ip.
then, you need your trusted phone, but it can't be any kind of 'normal' phone. and this does not know or care about cell and only speaks ip/wifi. you can have a trustable touchscreen system that does that and it does not have to have any blackbox magic in it.
it still means you need 2 boxes. but really, since one box (the cell part) will never be 'ours' or trustable, might as well make it its own separate box, create an IP boundary and talk just IP.
if a phone can be repurposed so that no black magic is left in it and all code is known and trustable, then we could go back to using 'phones' as user interfaces. but really, if you need to trust it, you can't use phones as phones and UI devices anymore.
shame. really it is. but this is what we have.