@Hansel you've provided for an entertaining, informative thread on both sides of the coin. and been provided with generous technically knowledgeable responses to develop a good faith discussion. However each response hasn't been matched in turn with points that provide evidence or validations to your emotive positions and claims.
To continue this appropriately and to avoid concern trolling can I request that you supply evidence etc to backup your concerns going forward so as to provide value to everyone in the community. I for one would love to read specifically what it was that made you want to bring this up in our forum, especially when it isn't particularly pertinent to GrapheneOS and has veered way off your initial question.
To recap: you must ensure you get the G025J variant of the 4a, use a device in production for latest firmware/security updates, don't stay on the Xiaomi with A11 (regardless of OEM re A11 if security is of concern), updates are important, period, not much can protect you from a state level adversary who is determined enough and no evidence of commercial actors targeting GOS. For everything else develop your threat model, behave appropriately and anything else is conjecture without provided evidence.