What is the advantage of PureOS over a de-googled Android phone?

If you install LineageOS (or any other AOSP derivative) and then use the F-Droid repository to install all your software (like OsmAnd~ instead of Google Maps), then you get de-googled Android. I’ve been doing that for the last 5 years. You need to search for your model and LineageOS on the xda-developers forum and read the comments to find out if everything works and if there are any tricks to installing/configuring. Every installation I have done has been difficult, but I learned a lot in the process.

If you don’t want the pain of doing the installation yourself, you can buy a phone from the /e/ Foundation, which is what I recommend for most people.

Android has some security advantages over Linux, because it has better sandboxing of apps and better kernel hardening. We will have to see how good PureOS/Phosh will be at sandboxing using Flatpak+bubblewrap, but Flatpak has been criticized on security grounds. Ubuntu Touch claims to have good sandboxing of apps that matches Android’s sandboxing.

Android has a ton of spyware and malware written for it, whereas with PureOS, you are only going to install free/open source apps in the PureOS Store. Purism says that it will have a badge system to identify good apps in terms of privacy. You can get the same benefits if you read the descriptions in F-Droid, which labels the apps that collect your data. However, most of the apps in the PureOS Store will probably be existing desktop GTK software that has been adapted for mobile, and very little of the existing desktop GTK software found in Linux distros like Debian collects user data.

With the Librem 5, you are getting hardware kill switches, and all the components like the cellular modem, GNSS and WiFi/Bluetooth are communicating over serial protocols (USB, SDIO, I2C, UART) that don’t allow Direct Memory Access. The makers of integrated SoCs like Qualcomm claim that their IOMMUs are just as good at protecting against DMA, but it is hard to know since nothing is verifiable. With the Librem 5, you can read the schematics to verify that the hardware kill switches actually cut the power to components, so you know the component is turned off, and you will never have a problem like Google servers collecting geolocation data from Android, even when airplane mode is activated.

Purism uses security that is verifiable and controllable by the user. With an Android phone, you might have verified boot, but it was signed by the manufacturer or Google, so you don’t control it. With the Librem 5, you can read the source code to everything in the root file system.

There are often proprietary drivers in Android phones. Even when Snapdragon is using an open source driver, its code was written by Qualcomm, and it hasn’t gone through the process of being committed to the mainline Linux kernel, which requires code review by the Linux maintainers. In contrast, Purism is trying to get everything upstreamed to the mainline Linux kernel, and it will go through code review before being committed.

4 Likes