@Hawkmoon Experts talk about security all the time, but most users don't even follow security best practices and no amount of security measures built into their phone will make them 100% secure. I know that is I lose my phone, in theory, it would be possible to retrieve all data off it — and it's always best to assume that because it's a matter of how much effort one is willing to put into accessing your data: petty thief doesn't care about it at all, he just wants the device itself…
@Hawkmoon …and even full disk encryption won't make it secure against 3 letter agencies.
So… I just don't store any sensitive data on my phone😂
And I know that if I lose it, I'd have to change passwords to all accounts I've been using on it — that's it.
As for remote exploits — no, using F-droid or AOSP-based ROM doesn't make you less secure — as code is open, it gets audited by security researchers all the time, if some serious vulnerability gets discovered, it gets fixed in opensource SW too.