I have complete control over my phone (baseband and userspace), including a nifty tool sanctioned by MediaTek to insert arbitrary AT commands in my processor at will.
I also have the ability to toggle something on the range of 75 GPIO pins. I'm not entirely sure what they do, so I don't play with them. But aside that, I have complete control over every part of the hardware.
The processor that interprets those AT commands run its own operating system, and it runs a huge codebase implementing at the very least the GSM layer 2/3 and the UMTS layer 2/3 protocols. (Here's(http://cgit.osmocom.org/vovida-gsml/tree/) partially leaks of such code for an old GSM only phone, ramping up at about near 200000 lines of C and C++ code)
It sounds like you don't really have access to that and can e.g. change the protocol messages being exchanged by the BTS/NodeB or the mobile switching center.
Android does not drive baseband, it runs on application processor.
Baseband processor is separate core that runs its own, realtime OS, that handles radio communication. These OS are not opensource.
The application processor talks to baseband via RIL (rild in Android), which is basically a form of IPC via shared memory.
To recapitulate: In your phone, there is another CPU, with closed-source OS full of bugs, connected via air to network and it has full access to RAM of your application processor.
I hope that it's obvious, that it does not matter, what OS runs on the application CPU.
I have complete control over my phone (baseband and userspace), including a nifty tool sanctioned by MediaTek to insert arbitrary AT commands in my processor at will.
I also have the ability to toggle something on the range of 75 GPIO pins. I'm not entirely sure what they do, so I don't play with them. But aside that, I have complete control over every part of the hardware.