Open source or source availability is not a requirement for auditing a system. There would be evidence that would have almost certainly been found by now if this was the case. It is up to you, or the claimant, to prove their claims. I can say that there has not been any evidence of data collection by hardware components found, despite years of Pixel devices being tested by security researchers and mobile forensics companies. Not only that, the actual technical capabilities of the hardware (isolated component without networking capabilities) backs that up.
There is no “hole”. It has nothing to do specifically with being from Google, only that no one else but Google is manufacturing devices that meet the hardware requirements and have full support for alternate OSes.
It is an isolated component without networking. This is not evidence that unknown data collection is occurring. You need to provide actual evidence that it is.
The goals are completely different, and the actual implementations are miles apart. They aren’t comparable apart from a common AOSP ancestor.