Either it's a simple fabrication, or Ledger knows exactly how much someone has on their devices, which means that they log all the data from the device every time such a device is online.
It wouldn't be surprising that they did. After all, they want to know how much money their customers trust them with. I am not justifying the action, simply explaining what I believe is happening. If Electrum servers can find out loads of information about connected wallets, there is no reason not to think that Ledger's servers can't as well.
That has happened in 2019, do they still suffer from the same problem?
Yes, because it's an unfixable hardware defect that can't be ironed out with software patches. It was always there and will always be there for the models One and T in their current forms.
Btw they removed the support of AOPP but yeah, what you say about them is true.
They removed support following the negative comments surrounding it, but didn't mind signaling support for it.
It's interesting to know what you think about Coldcard or do you think that no hardware wallet is trustable and airgapped encrypted devices are the only last and one devices to use.
ColdCard is an airgapped wallet. You can work with PSBTs and import/export them with the help of an SD card for example. The device is not open-source but has public and verifiable code. It's better than standard USBconnected hardware wallets.