I don't think any rational discussion about privacy can be had without first describing exactly what your definition of "privacy" is in this specific context, AND you must define a threat model. Otherwise we can't know if the vendor is even relevant to what they care about.

Privacy from what? From a determined government and court system? Nothing is going to keep you private from that. From your peers and family? Apple and Google keep you private in that regard. As for the world of privacy in between those extremes: it depends.

From advertizers? From power-grabbing BigTech?

> From a determined government and court system? Nothing is going to keep you private from that

While there's always https://xkcd.com/538/ there are not currently quantum computers that can factor 4k RSA keys, so the court can order whatever it wants, unless they have a way past that (which may involve variations of xkcd 538), they ain't getting shit out of a properly configured digital safe. (construction of said safe is left as an exercise to the reader.)

Or they can just let you rot in jail for contempt charges

Most of us (reporters included) aren't protecting anything with their life, not just because of a survival instinct, but because what we're protecting isn't actually worth that much.

For the relative handful who are custodians of that sort of data, history suggests a smaller minority than they'd like to admit have a readily achievable breaking point. The true believers who are left then are a minority that's hardly impossible to track and subvert through attacks that don't involve decryption on a device.

The point of that XKCD wasn't to be THE SINGULAR EXAMPLE, it's sort of a Zen Koan for people who only think in terms of technical risks and solutions.

xkcd 538 can be defeated by a duress wipe feature like the one GrapheneOS has. Your life might be in jeopardy, but the data will be safe.