Since I need to run a few apps that won't work on LineageOS (because dumb developer security stance), I need to buy a "regular" android device that includes all the google "services".
Ideally, it should be a cheap second-hand phone that will still receive security updates for a long time.
Are there bands that are better (well, "less worse") than others from a privacy perspective?
I would personally go with the pixel line, as they just have the google spyware, and not 3 other companies spyware installed on top of Google spyware. Also they generally have decent security updates, and get them faster than most other brands, and then you have the option to switch to grapheneOS should you want too. They are also fairly affordable especially if you are getting them second hand.
I definitely second this. From what I've read, graphene's sandboxed google services work a little more seamlessly compared to microg.
Edit: you might want to be careful with secondhand, though, regarding locked bootloaders. An unlocked bootloader is necessary and is NOT the same as "carrier unlocked"
I had bad luck and ended up with a Pixel 2 that was carrier unlocked, appeared to have an unlocked bootloader but was some special Verizon version that did not allow flashing. Fuck you, Verizon.
Yuuup, Verizon is exactly what I was getting at lol. They seem to be the most common refurb/second hand devices.
Swappa.com is a good place to get a second hand one