ARM processors indeed do not have a SoC like x86, that I know of. Mobile phones, however, have an equally, if not moreso, dangerous concept. A phone has three processors: the CPU, which is what everyone is already familiar with, the baseband, which is the processor that handles carrier communication (i.e. SMS, calls, data, etc.), and the SIM. The SIM is a computer, albeit a small one, and both it and the baseband are "under" the CPU and OS completely. They communicate with the carrier and each other, are encrypted, and currently they are just as much a black box as ME, except it certainly communicates to cell towers via encrypted channels.
This is a good example, albeit outdated, of how powerful the SIM/baseband is. It theoretically has full control, a benefit of being "under" the OS, and if hacks like this happened again (or carrier/government malpractice), there would be similar capabilities, and likely more.
Now, please don't misinterpret this as some boogie monster under the bed. "Nobody knows" means exactly what it says, and I'm not insinuating anything. It's simply a black box. You should develop your own threat model and decide whether this is a risk for you. Also, while everything I've said is correct to the best of my knowledge, I haven't double-checked, so believe it at your own risk. I will happily edit if anyone corrects me.