It doesn't for me at all. If I go to the URL I provided in the OP, the Google server responds with a 301 status code and Location header. Both when logged into a Google account and without logging in. Strange that it behaves in a different way (?) for you.
It will probably filter the URL through Google Safe Browsing, but that doesn't help much for phishing as they mostly use new or reputable domains, and browsers check that list on default settings anyway.
Using Vanadium on grapheneos and I get
"The page you were on is trying to send you to https://news.ycombinator.com/item?id=46613684.
If you do not want to visit that page, you can return to the previous page."
First, anyone truly concerned about this for actual use cases just isn’t going to bring their phone with them at sensitive times. Especially after the infamous chip bag Italian meta data incident.
Second, it’s conspicuous and kinda suspicious so its use is limited to primarily virtue signaling privacy advocates or crazy people and the latter aren’t usually big spenders.
Third: the engineering sounds challenging. All that metal in an undeployed fashion is going to reflect and interfere with reception. ( it isn’t an iron man suit, it has to get packed somewhere.). That may also interfere with RF safety approvals? Finally, avoiding RF leakage is surprisingly difficult in practice.