Mostly because Apple’s update policy is superior to A LOT of Android companies. OEMs are really slow when patching known vulnerabilities.

Quick study I found when trying to find evidence:

https://www.ftc.gov/system/files/ftc_gov/pdf/16-Acar-A-Device-Centric-Analysis-of-Android-Security-Updates.pdf

Example from that study:

Compared to the top three OEMs we examined so far, Google is the one with the most stable support behavior. All of the Pixel devices receive monthly security updates without any delay or missed SPLs [Security Patch Levels]

It’s utterly insane this is noteworthy. Not delaying security updates for KNOWN vulnerabilities should not be exemplary.