When you run an android phone with an unlocked bootloader one of your main security concerns has to be physical device security.
Even while your data is encrypted, on Android your OS is not and therefore someone with physical access to your device can trivially inject malware that runs with system permissions.
Same is true for the kernel of your notebook and desktop computer when it doesn't run "secureboot" or a comparable security measure.
Unfortunately, on some phones you can lock bootloader after flashing a custom ROM (Google) while on some you can't (OnePlus)
I've been researching / documenting devices that support verified boot with alternative operating system. Also operating systems that implement this.
Its looking like #Oneplus & Google may be the only vendors to offer support on all their devices
https://hub.libranet.de/wiki/and-priv-sec/wiki/verified-boot
OnePlus? I recently switched to OnePlus 6T (fajita) with LineageOS but when I tried to lock the bootloader I ended up with soft-bricked device. On the other hand this worked with Pixel 3a.
