Happy GrapheneOS user here as well, but...
I am having a hard time believing your first link, which says:
> In Anna’s case, stalkerware was disguised as a picture message, sent to her by the man she was dating (let’s call him David), just a few weeks after they met. She was then under constant surveillance for about two years
That sounds like an NSO-level attack, right? I doubt abusers routinely pull that out?!
I totally get the problem that "the abuser knows the iCloud password and can use the FindMyPhone feature to track the victim", or "the abuser convinced the victim to install an app that would track the victim without their consent". But I am genuinely wondering how much GrapheneOS protects against that.