Go out of your way to use stock Android on Pixel devices or GrapheneOS instead. At least if somebody decided to burn their exploit you got a chance to profit over it.
iPhone might also work but it's too hard to do forensics.
Same. Had a Pixel 2 and tried to flash lineageOS on there but it didn't work.
Picked up a newer Pixel and it worked then, but found it was hard to live without the goog services. It was either that or trust some rando packages in F-Droid, so went back to the Play store