Android phones are only supported for 2 years (3 if you are lucky and get one on the release day). After that there are some options with flashing custom Linux distro. This fixes software security issues but not hardware/firmware issues: https://arstechnica.com/information-technology/2020/08/snapdragon-chip-flaws-put-1-billion-android-phones-at-risk-of-data-theft/
Why we should not accept this state of things.