Mobile phones are never really secure, but any other than the stock Android is an advance. The worst privacy breaches are the used apps, if they are from Google Play, always check the app permissions in the phone settings, use WiFi only if needed, never store sensitive data in the phone, desactivate localisation/GPS if not needed, usw VPN or at least DNScrypt (InviZible Pro from F-Droid, never from Google Play), check apps with Exodus Privacy, use private chats (Matrix or similar instead of Whatscrap & cia), storing photos in a privacy respecting cloud instead of Google Photos, eg. https://ente.io/, especially always common sense, PEBCAK.
Mobile phones are never really secure, but any other than the stock Android is an advance. The worst privacy breaches are the used apps, if they are from Google Play, always check the app permissions in the phone settings, use WiFi only if needed, never store sensitive data in the phone, desactivate localisation/GPS if not needed, usw VPN or at least DNScrypt (InviZible Pro from F-Droid, never from Google Play), check apps with Exodus Privacy, use private chats (Matrix or similar instead of Whatscrap & cia), storing photos in a privacy respecting cloud instead of Google Photos, eg. https://ente.io/, especially always common sense, PEBCAK.