Maybe that's because of the boogeyman being feared and so people update enough to make such attacks not common enough to be worth it, so once we stop fearing it... but idk. So far it hasn't mattered to have devices with Bluetooth vulnerabilities at hacker conferences of all places
Isnt this exactly the point? Most people who aren't the target of state intelligence agencies have little to worry about from using an older phone.