I'm not sure about it. I think most people are concerned about their privacy 'from' google, not Google's ability to protect their data from rest of the world. If it's the latter, I trust Google. For example, Google was the first one to start voluntarily publishing government's requests as transparency reports, which others had to follow. Even technically, they have done great deal of work (if you regularly read their blogs) to protect my data from unintended parties.
If it's the former, however, then it's arguable and a little subjective so I won't go into that.
> Google has a terrible track record when it comes to protecting their user's privacy (and security to a second degree)
Security to a second degree? One of the (valid) criticism to Android is that OEMs don't provide firmware updates or at least security and reliability fixes. This is a fair claim; you need to be careful about this if you decide to buy an Android phone (although there's the option to root a phone and install CM or LineageOS).
Google however in this case rules correctly by example. They've been updating Android firmware for their devices regularly, up till 2 years after purchase of device. If you want a secure Android phone, software-wise a recent Google device is one of your safest bets. Motorola's track record pre Lenovo was also good. Ever since Lenovo bought Motorola, not so much.
Of course, the privacy issue stands (insofar to profiling and internally in Google as they profit from knowing as much of you so they can advertise effectively) but that is the price of any Google product. That is where Google and Apple differ (at this time of writing; it can change, just look at Microsoft).
Yeah I meant the OEM situation. If google cared for Android user's security there would've been a certificate a long time ago. Where Apple might be overprotective (certs for charging cables), Google is absolutely negligent.
If it's the former, however, then it's arguable and a little subjective so I won't go into that.