AOSP is not proprietary. Also security is not achieved merely by the merit of being libre, see CVEs for sudo, glibc or Apache HTTP server or even the Linux kernel itself.
And when it comes to proprietary firmware updates, in case of x86 one such notable example is the microcode which is pretty important to keep updated for security.
on Firefox if a desktop addon has no mobile version you can look up how to add custom add-ons collections when it comes to cookie prompt blockers, but ublock origin and adding filters to it work out of the box. Recently also some apps started showing cookie prompts with no option to decline unless you pay, if they can work offline, make them so
just get an extension and adblocker filters to automatically dismiss/block cookie dialogs and use an allowlist for sites from which you actually need to persist cookies in your browser's settings and set your browser to delete everything else on exit. With Firefox and browsers based on it you can, in addition to that, use container tabs (try sticky containers extension) for even better context isolation.
Pinephone doesn't have features like IOMMU isolation or even verified boot. Also as a matter of fact, permission control, unless you're using flatpak/bwrap/firejail is actually better on Android than Linux. Plus long before the first usable part of Linux written in Rust was released, large parts of low level AOSP code were already rewritten in it.
oh sorry then, thought it works like some radar, don't know what the proper name is for what I'm thinking about then. I'm not a mobile dev so I could be wrong.
war crimes. Played hoi4 as Yugoslavia. Beat Bulgaria, Italy and France in 2 hours.