> Approximately nobody is throwing away phones because the OEM stopped providing security patches.

This becomes a practical reason more quickly than you think. If a company only provides 4 years of security updates and they only provide 2 android MV releases, you quickly become out of date. I had a BlackBerry Key2 that I bought in 2018, I had to replace it in 2024 and I was really holding onto it despite a lot of practical problems - Slack dropped support for the version of Android a year earlier, it was only when I tried to install Google Wallet and could not that I finally decided despite the hardware and software functioning fine it really wasn't practical to use a device that was stuck on such an old version of Android. (I would've tried to figure out the kernel myself if the bootloader wasn't locked.)