Before I buy... is PinePhone actually open source?

[wibble]

Unfortunately there is no such device, and there won't be so long as radio devices require regulatory approval. Read the 4G standard docs - see
https://www.3gpp.org/specifications/ - from what I remember location awareness is part of the specification. Many (most?) jurisdictions now require location for emergency calls, and network operators find it useful for a number of reasons, including selling it to 3rd parties even when they've promised they won't.

Thank you for the standard docs. I'll dive into them.

So most mobile network modems are blackboxes? Is there any way to reverse engineer them or hobble together my own 3G modem for private use?

I saw an unrelated project that might be useful: https://www.forbes.com/sites/thomasbrews...gray-jeep/

It's using a "a software-defined radio (SDR)" for MITM attacks. Is it possible to use such a modem just for calling and not spying on other phones?

I'm not aware of a legal one that isn't a black box - between corporate intellectual property policies and regulatory dislike for unlicensed people being able to change transmit characteristics it's an uphill battle. It's a similar situation for WiFi chipsets - most of them have an embedded processor with closed firmware too, and sometimes they have security issues. The FCC were sufficiently worried about the possibility of OpenWRT users using bands or transmit powers not allowed in their country that they considered mandating firmware signing for wifi access points. Wider awareness of SDR is probably a nightmare scenario for them.

It may be possible with SDR - I'm not sure what the current state of projects like OpenBTS is - but outside controlled environments it will be illegal in most jurisdictions, and impractical for a mobile phone - have a look at the size and power consumption of the transmit-capable SDR stuff.