I personally do not see any privacy benefit of DoH over DoT. The only thing that I see is that the application is now able to perform DNS queries without the oversight of the operator.
In Android the ability to modify HTTPS traffic on the fly was neutered some time ago with the introduction of only trusting system certificates by default for published applications. this was touted at the time as a security measure to stop eavesdroppers or those looking to modify legitimate application traffic. the result it had though is that the user themselves is no longer able to read the HTTPS traffic leaving their device without having to either patch each application or root their device. At the time not many people considered this to be an issue because really who wants to inspect all the HTTPS traffic on their device - a pen tester would be able to get around this and the layman would never need to do it anyway.
Since the advent of Pi Hole and DNS privacy as a concept the first thing people look to do is to block access to those revenue generating domains for Google (in the case of Android) and others.
The solution on their part is simple - 1. move the DNS queries in to a layer where they can no longer be eavesdropped (the laymans HTTPS) and 2. move the resolution away from a process that the owner has control of (OS DNS resolution, or delegated to the local DNS server).
You could set up some redirect for DoH servers to one on your local domain, implement a self-signed root certificate, add it to your devices and the DoH server and let it run its course but this wouldn't stop the problematic element whereby a rogue process queries an unknown HTTPS site to resolve DNS and also wouldn't stop mobile OS's which employ certificate pinning and non-trust of user certificates.
You could perform deep packet inspection at the router to drop traffic which contains DoH requests but this requires hardware and still the root certificate on all your devices.
Finally the solution is to run a blocklist for known DoH servers so they do not resolve in the first place and to hope that any rogue DoH servers end up on one of the malware blocks you have going.
For now though I am dropping packets for ports 53 and 853 at my router unless they originated from my Pi Hole.
tl;dr: I do not like DoH. It is being being employed to move control of network traffic back to device/application manufacturers and away from owners.