I think you've got number 3 backwards. GraphQL is a generic query solution that is harder to optimize than an endpoint that was built as a one-off for a front-end use case. Endpoints designed to support a specific UI view or operation are easy to optimize because their use case is narrow and the queries can be modified simply and safely. There might be more ceremony, but it's much more maintainable in my opinion.
Graphql servers are typically not run in a manner that allows arbitrary query execution, usually only a select set of queries that were written by the devs, tested, and potentially profiled before deployment. from that perspective, if a mobile client is written to work against the interface they provide, then if you need to fix things on the backend, you can potentially do so without the frontend being aware of it. In that sense it's the same thing as a specifically designed REST endpoint, so I'll give you that, but it's hardly a negative in GraphQL's favor.
