Privacy and security isn’t an all-or-nothing matter though. While a Pixel running GrapheneOS would indeed be more secure privacy-wise than an iPhone, not only would one have to be willing to do without a digital wallet, among other features that unfortunately have telemetry injected into them, but would still depend on the user not installing any of the common apps that would harvest data, even on a de-Googled phone.

Apple disabled the feature in the UK because the alternative, per the British government, was to add a backdoor to it.

Apple charges unreasonably high profit margins on its products as its primary business model, along with locking down their ecosystem to push overpriced subscriptions to the detriment of competitors, to not need the same level of invasive data collection that powers Google’s advertising business.

There’s many reasons not to get an iPhone, but privacy worries, in contrast to Android, is not one of them.

Rather than take an all or nothing attitude on the matter, I certainly think your friend would be better off trying make smart choices with his data whenever possible. Ultimately though, it’s something that he has to be motivated to do himself. Perhaps informing him of potential privacy risks would be helpful in that regard.