As far as Android goes: who's auditing CopperheadOS? What white hats are looking at it and trying to compromise it so that it can be improved? What's their rep, what's their record, and how do they stack up against iOS's internal and external security tests?

As far as "ur own pgp enigmal with riseup" goes: how are you going to get people to email you? Are you, a journalist, going to manage SPF/DKIM and make sure you're doing it right? How are you going to manage antispam? Gmail is not perfect--but unless the totality of your threat model includes getting black-bagged because an NSL found encrypted emails in your inbox, it is probably the best option. (Protonmail is fine too, but increases friction--and increased friction increases the likelihood that you're not going to use it, falling back to easier tools.)

WhatsApp: either that or Signal are fine (and, indeed, run the same protocol!). XMPP relies largely on federation, which relies on federated servers not being compromised, so no, that's out. (I haven't looked at Silence, can't speak to it.)

Chromebooks are a decent option for some use cases, unless (as more and more journalists tend to do) you need something that can easily and effectively edit audio and video. Tails/Whonix/especially-Qubes are not because people need their stuff to actually work and to not spend more of their time fighting their computer than doing their jobs; to that end, a properly patched OS X is a pretty reasonable call.

"Getting real here" means finding a workable place on the do-your-job/security curve, and most of what you're saying is not. For example, of course you would "use social media", because that's a large part of the job of a journalist in 2017. Your recommendations, while (I assume) in good faith, indicate a willingness to invest more time in fighting your stuff than doing your job. Nobody else cares. Recommend what's easy and what gets 95% of the way there (and not, as with something like CopperheadOS, actually detracts).