Stock android on modern device vs Divest OS on old device

Having a limited budget for purchasing a new android device and a modern Google Pixel being unreachable for me, I’m left choosing between a budget Samsung like the Galaxy A13 or A04s and an old Divest OS supported phone like the Google Pixel 2.
I understand the former has firmware and kernel updates but contains corporate spyware that cannot be disabled. While latter can run Divest OS and thus be cleaned from corporate spyware however, since it has been discontinued from Google it won’t receive firmware updates.

So what I’m asking is, which of the two is the worse poison.

Are firmware and kernel updates really that important that outweigh corporate spying? I trust most apps I plan on installing so I’m not really concerned with Android sandboxing as long as I’m not vulnerable to attacks that can be performed via websites or instant messages.

Thank you in advance.

I would choose a modern device and would work on hardening it through (RethinkDNS, Mull, …). With an old device, you are submitted to numerous potential leaks.

It is hard to answer. It highly depends on what you try to protect and from whom and why. I tend to day the divestOS phone as these Samsung phones are generally crap.
Without sandboxing the risk of the attacks you describe actually are higher. Do you mean sms as IM? Sms is quite a concern to have. I think the best way to avoid these attacks is to limit exposure. Even modern and updated phones can be vulnerable go this.