You need some loops to jump through to get there. But that can be achieved for Signal as well, if you check the discussions regarding reproducible builds for Signal’s iOS client, you’ll see that people just decided it is not worth the hassle to push it through.

MDM can be configured in 2 modes, one with company owned devices and one with bring your own device. But there are lots of settings that can be done, usually it is configured with work and personal profiles and the work one has all the restrictions in place and the personal has no limits. Maybe just some device features can be also enforced, like forbid the OEM unlock and ADB.

Good bot.

If it is advertised well, it will be the same as with smartphones nowadays. Companies won’t plant chips into human brains, people will pay to have chips planted into their brains and pay even more for yearly upgrades.