The Android phones with the longest updates are:
- Shiftphone 8 (planned release in early 2024): 9 years*
- Fairphone 5: 8 years
- Google Pixel 8: 7 years
- Samsung S21/22/23 and some A models: 5 years
*not sure if this includes firmware/drivers or just OS/AOSP updates; probably the latter as it will use the same CPU as the Fairphone
So that’s for the length security updates, but note that some phones may get them with a delay.
In terms of privacy you’ll want to install a custom OS (usually called “ROM” in the Android context), ideally GrapheneOS or otherwise DivestOS (see here for more info). The Pixel is supported by pretty much every custom ROM; Fairphone and Shiftphone also support custom ROMs but unfortunately GrapheneOS doesn’t support it; Samsung phones are completely locked down with no option to install another OS.
If you mostly care about privacy rather than security, and you can’t get a Pixel in your country, have a look at the devices supported by DivestOS.