Your link repeats again and again (and again) that his criticisms only apply to password storage. In his own words "as a Key Derivation Function, it is still very much useful and secure".
As GP said, Android uses it as a disk encryption KDF.
But why do they only apply to password storage? In both use cases cracking proceeds by running a lot of possible passwords through the algorithm and doing a cheap verification operation at the end - "does using this hash as a decryption key produce something that looks like ext4" is more expensive than "is this hash equal to the one I have on file", but not by that much. I don't see why a way to compute the hash more efficiently on some class of device would not be a concern for use as a KDF.
As GP said, Android uses it as a disk encryption KDF.