That is a vast oversimplification. Custom Android builds either rely on reverse-engineered drivers, or vendor kernels, or mostly undocumented drivers and custom kernel patches.
Custom “ROMs” are often very insecure, as they use the outdated stock vendor kernel of the original OS, as it is so customized. Not always, but often.
Then you have firmware, which is responsible for a ton of tasks on Android phones, way more importantly than on a PC. There is an entire separate, proprietary chip in there, connecting to sensible and insecure networks like 2G and 3G (the modem/baseband).
I found this article to explain the situation well