![](/static/253f0d9b/assets/icons/icon-96x96.png)
![](https://fry.gs/pictrs/image/c6832070-8625-4688-b9e5-5d519541e092.png)
People can usually unlock the carrier on their own. Many phones (or at least every phone I’ve ever gotten from T-Mobile) even come pre-installed with a carrier unlocking app. It’s just not automatic, and certain conditions need to be met.
People may also sometimes be able to buy phones already unlocked directly from the manufacturer if they want to. (Whether or not they’re able to do this depends on the manufacturer.)
I imagine it probably is inspected, just not by the public. They probably do it themselves.
And they may have contracts with certain companies specializing in this sort of security that also inspect it.
And there’s also the cybersecurity companies that test it whether they’re contracted or not. At some companies, their entire job revolves around finding bugs (especially security bugs) in other companies’ software.
Just because it’s not on GitHub doesn’t mean it’s not a good product that hasn’t been thoroughly tested.