He also seems to be throwing in unrelated concerns and just glossing over the details that bring their relevance into question - consider this paragraph

Browser extensions, mobile, and desktop apps also implement logic to attack users by regions and based on their political views. Nowadays, there are many teams who buy popular apps and browser extensions to inject malware. I have a blog post about it.

You're not going to be able to identify whether a developer might do a deal that compromises a library you use based on their political stance - it's an entirely unrelated threat vector to his core thesis (and even his own related blog post recognises this, discussing how developers of browser extensions are sometimes tricked into including malicious code - something that is even less related to their political beliefs than their willingness to take a bribe or payout.

Actually, it still is relevant because custom ROMs often incorporate driver and security updates to the base ROM.

I know Graphene recommends against the out-of-support Pixels for this reason.

Ooh, this may be more worth a look then. I had hoped I'd be able to use the old phone to get up to speed before considering going to a custom ROM on my main device but it sounds like a Samsung S8 may be an exceptionally poor choice due to driver availability and other issues.

Graphene sounds like it addresses a lot of the needs that are pushing me away from stock Android (unnecessary bundled services, concern about Google harvesting more data than they should, Bixby / Google Assistant re-enabling itself every few updates and being pushed on users) but does so in a way won't sacrifice too much functionality (will definitely learn more about sandboxed Play services - that sounds useful).

I may have to consider getting a refurbished Pixel and setting it up with Graphene.