I think there is no way to have true security on a cellphone; the surface of attack is so wide that although one uses only FOSS apps, the platform can host all sorts of backdoors buried either in the OS or in the hardware/firmware themselves, so that any attempt to communicate through strong encryption might be rendered futile by code running at higher privileges (device drivers and firmware, conveniently all closed) which would access sent data before encryption and received data after decryption, mirroring them home somewhere unbeknownst to the user.
Now I don't think the Iran govt has any leverage to force companies to release their sources, nor forcing them to install backdoors on their behalf, but if they found a way to sneak new firmware or system level apps into phones sold there, that would be a possibility.
This is the wrong threat model, I say more here[0]. There's a difference in threat model when you're an individual vs part of a large protest/revolution. A government can't arrest everyone. They can definitely get a mole into the encrypted discussion (even if it isn't technological). You can't vet hundreds of people in such a short time. Protests and revolutions have been organized in the open on Facebook and Twitter for exactly this reason. Because it doesn't matter. You're going to go out and show your face to CCTV anyways.
Now I don't think the Iran govt has any leverage to force companies to release their sources, nor forcing them to install backdoors on their behalf, but if they found a way to sneak new firmware or system level apps into phones sold there, that would be a possibility.