Last time I used LineageOS, while you got the Android updates on most devices, the underlying kernel and drivers were stuck at whatever the manufacturer originally shipped, and that included a bunch of security problems on most phones. Android security and updates are still a mess after all these years. For a while Android One seemed to help and I bought all my phones off that list, but even that's now gone. At this point anything that's not a Pixel within the (very short) support window is probably a big risk. Google really screwed this up.
This is all fixed now. Android 11-based ROMs introduced GSI (generic system images), which allow over-the-air updates, and they even work with LineageOS.
Needs a newer underlying Linux kernel though, so all the outdated 2.x kernel ports won't be compatible.
But I agree with you on your general point. Android OEM ROMs are a joke when it comes to support and they usually are out of date within the first year due to lack of maintenance on the vendor side.
I wish there was a more generic platform approach to this where drivers could be just packages instead of this whole statically built images mess that is also unusable for most end users.