Bought /e/OS running CMF https://murena.com/shop/smartphones/brand-new/murena-cmf-phone-1/ few months ago, no frill, no tinkering, just works. Daily driver since I received it.
I do have more... specific phones, e.g. PinePhone and PinePhone Pro, but I never managed to use they as daily drivers.
That said, I'm only sharing this because it is "good enough" for me but you probably have different concerns than me. I'm not a political dissident, not a journalist, not a security researcher, just a random dude living in Western Europe.
I tend to find that identifying precisely what your threat model is facilitate pinpointing pragmatic options.
What's the pragmatic consequence of that? Are the security risk actually that great because Android architecture isn't that secure or rather isn't there a smaller and smaller amount of hard to execute exploit anyway that yes being up to date is always more secure yet only marginally so?
I'm asking because I worry that always playing faster catch up with Google leave them in charge.