Absolutely, security updates are much more important than feature updates. Upgrading to newer Android versions is mostly useful to have access to newer Android APIs (apps eventually will require newer versions, although that usually takes quite a while). Another benefit of newer Android versions might be added security features.
Samsung’s update policy for their lower end models is pretty atrocious. While on paper they offer updates for a couple of years, it you look more closely, you’ll notice that the update intervals get larger and larger as time goes on. You might not get important updates for half a year. Sure, still better than not updates at all, but a pretty awful policy for security updates.
Fairphone is actually worse than Google when it comes to updates. Even their flagship phone is still on Android 13. Even the Pixel 6 runs Android 15 at this point and with this news it is guaranteed to get at least Android 17. Google has always been offering 5 years of support for the Pixel 6 and 7 series. What they didn’t promise until this announcement was additional feature/OS upgrades, but when it comes to that they were already ahead of Fairphone.
When it comes to alternative OSes, Google actually makes it very easy to install them. That’s one reason why GrapheneOS and the likes chose Pixel phones as their primarily supported phones.
For the Pixel 6 and 7 series Google has promised 5 years of security updates right from the beginning. What’s new here is that they now also offer feature and OS upgrades for that same time period. Certainly nice to have, but not essential.
I understand their reasoning behind this, but I am not sure, this is such a good idea. Imagine Letsencrypt having technical issues or getting DDoS’d. If the certificates are valid for 90 days and are typically renewed well in advance, no real problem arises, but with only 6 days in total, you really can’t renew them all that much in advance, so this risk of lots of sites having expired certificates in such a situation appears quite large to me.