SoC's are what NSA is using for most of its spy tools ... the bug in the monitor cable, the chip in the keyboard connector, in the MicroSD's, the HD's and who knows what else. In some cases all they do is hit the device with microwaves and get a modulated reflected signal back.

I considered popping open the tar ball that I looked at but I don't do risky things like that any more. The tarball you untarred appears to be for an Android 4.2.1 OS. Even after the tarball is opened and the files deployed, unless one can verify the binary by compiling its putative source and comparing the compiled output with the binary one cannot guarantee that spyware has not been planted in one of the *.so's or ELF binary executables.

Indeed. The SoC (system-on-chip) architecture, while elegant, is also much easier to use for "black box"-type needs. One piece of tiny hardware, controlled by one binary blob.

It's the collection of vendor-specific binaries for Android 4.4.2 on a Nexus 4. These binaries are necessary if you want to take full advantage of the hardware. If you build AOSP for this phone and don't include these binary files, the result will be a phone that can't take pictures, orient itself in space, play audio and video, encrypt and decrypt data, locate GSM satellites, connect to wi-fi or Bluetooth, connect to USB ports, and engage the NFC.

It has always been this way with smartphones. They contain proprietary hardware, controlled by proprietary binary drivers. The hardware manufacturers never make source code available.

More on SD cards and vulnerability...
http://phys.org/news/2014-01-30c3-sd-card-mitm.html#ms