AOSP is not an open source project, despite the name. It is an export of the parts of the proprietary Android project which Google sees fit to release to the general public. Android is developed in secret and then the AOSP version is exported out of it. As such, AOSP is definitely still very much "made by an ad company".

AOSP is absolutely open source: the code can be viewed, modified, built and deployed as desired. There's good reason to be skeptical of Google-developed software, but your characterization of AOSP as "not open source" is simply not tenable.

Android versions in development are not open to contributions or community participation. Android is developed in secret behind closed doors. The end product AOSP spits out is open source, but to call it an open source project would be an extreme mischaracterization. And it is developed by Google, an ad company, not the community that eventually uses it.

Accepting external contributions is not a requirement of either Open Source or Free Software, and enforcing such a requirement is explicitly contra to the spirit of Free Software. The entire movement is about freedom, which includes the freedom not to accept downstream code.

Does LineageOS & GrapheneOS provides source code for all closed kernel drivers include modems?

How many people they can assign for serious Android security audit (>million lines of code)?

So, better be realistic about resources. Lineage even used Google DNS & Google internet checkers a lot of time, and probably uses it now. And I even don't started talking about general Google Play store apps, sending user data to Chinese servers is "normal" now.

What does any of this have to do with whether or not AOSP is open source? The Play Store isn't even part of AOSP nor Lineage/Graphene, so the point of that tangent is even less clear.