ve3jlg Where can I confirm this situation independently? Any links to credible sources?
Can you provide further details about what you're looking for in terms of credibility?
For example, if "credible source" means "written by Fairphone", then I think it's unlikely that an official Fairphone person would write "our security is inadequate".
GrapheneOS wrote "Fairphone 4 does not include a secure element". Is there a credible source that says the Fairphone 5 has a secure element? I just looked at a Qualcomm web page about the QCM6490 and while there is a box labeled "Security" that's not useful. The bottom of the page says "To access more QCM6490 resources, you need to be a member of a verified company", which is not particularly encouraging.
GrapheneOS also wrote "The Fairphone 4 doesn't currently receive proper security support but rather receives the Android Security Bulletin patches consistently 1-2 months late and many of the recommended patches (Pixel Update Bulletin) years late."
That statement could be verified, or disproven, by examining Fairphone release notes and/or commit logs. Though I think it would be great to have GrapheneOS running on more than one hardware platform, I personally can't estimate when I might have time to analyze Fairphone commit logs -- or whether I would count as a credible source.
I looked briefly at the Fairphone web site and saw the word "security" a bunch of times, but I didn't see any details. Personally I consider the specific claims made by GrapheneOS to be at least fairly credible, and it's not clear which other sources discuss Fairphone security in any detail.