some mobile system-on-chips have good isolation of the modem
That is actually what mainly drives the choice of hardware that Replicant's developers work on. Even so, they found a backdoor in Samsung Galaxy devices that lets the modem perform remote file I/O operations on the file system: https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor