On Android, since SafetyNet, if you want to run custom ROMs, you have to use workarounds to pass safety checks in important apps, like for banking. I would prefer not to use workarounds, as I don't want to wake up one day with important apps locked, possibly for a long period until a new workaround is found, if even.
I use an iPhone right now, and one thing I considered was to keep using the iPhone for banking apps, and get an Android phone with a custom ROM (probably something like LineageOS, built myself from source) for everything else. Use the Android for privacy, iPhone for apps that require SafetyNet on Android. This would work, but it would be less convenient to manage 2 phones.
What do you use?
If your OS isn’t collecting telemetry, your ISP probably is. If somehow both of those aren’t, most phones modems have so many vulnerabilities in them a bad actor can exploit the RTOS and your application processor will never be the wiser.
TL;DR modern smartphones are the devil.
Source: been doing this type of work on/off for about 10 years.