The attack vector for brute forcing encryption passwords doesn’t have much to do with the freedom and features. What does matter, is that Apple has control over the entire production chain. Few companies do.
Google mostly does, but their software isn’t as good as Apple’s. However, GrapheneOS on a Pixel is resistent against Cellebrite the same way iPhones are.
I wish Android vendors took security more seriously, but I don’t think they care much, because their users don’t really care. They’ll care as long as they use the security features to force you to use their ad ridden software (like how Samsung will refuse to load the camera firmware properly if you unlock the bootloader on some devices).
Google tries, but seems to prefer usability over security in small ways that GrapheneOS doesn’t. Things like “disable the USB connector when the device is locked”, breaking plenty of work flows but protecting against whole classes of exploits.