Talking about Snowden this seems like meta hypothetical three letter agencies' capabilities.
Hypothetical worst-case scenarios like backdoors, nationstate adversaries, intelligence agencies or "Three Letter Agencies" and their capabilities. This type of discussion just ends up being GrapheneOS versus your imagination. Code has limits, your imagination doesn't, and it's not useful to threat model against an adversary whose capabilities are hypothetical and unlimited.
By the way, me citing the rules isn't me trying to play mod or put anyone in their place. I hope I don't come off that way, and if I do, I apologize. I just think this one in particular is well-worded, so I quoted it.
No doubt Snowden knew things, but I'd bet being in his situation has made him a bit paranoid, so he might take some steps that are, frankly, not worth taking, even in his position having pissed off the US Government. The fact is Android is used on millions of devices around the world, is consistently updated, and is (as far as anyone knows) secure enough. Also, security researchers around the world test Android for vulnerabilities. There's a reason three letter agencies go to Google or Apple or whatever to collect data instead of trying to hack phones. Considering Android uses secure boot, the OS can't be tampered with, which leaves hypothetical Zero-days and/or hypothetical backdoored hardware.
So, in closing, I wouldn't bother caring what Snowden would do, or take anything he would do as good advice for securing one's own info. But it is kind of funny.