I understand Coinbase, would not keep coin there.
If I have a wallet.dat file? more confusion, I can't find one on my phone. There is a backup option in settings in the bitcoin android app, but no clue where this backup is stored, although I've seen some info suggesting it is on the SD Card in a format not compatible with other wallet.dat files. I am running Android 7.0 and can encrypt the phone ... but don't know if that applies to the SD card. I can remove and copy the sd card but don't know it that would work to insert in a new phone....
There is also an export function in settings, I can set a password and create a text file to email to myself, an email doesn't seem like a good idea... but the only option I can see at this time.
Regarding the pass phrase... that alone is not sufficient to somehow restore/import coin into a new wallet? My main concern is if the phone is lost or damaged, while I can remotely wipe the phone I'd need to restore the coin somewhere....
What I am starting to understand is why it will likely be a long time before this technology will be understood well enough to gain widespread consumer confidence.
Yes, do not keep coins anywhere online. It is always possible to become the next mt gox attack. If you back up your wallet on your phone, it is a big possibility that it is stored either on your google drive or sd card. I stored mine on my google drive. This way it is always accessible on new phones or anywhere else I get a wallet. Thats just me though, I am somewhat new to this and really only cloud mine. I only have a little coin.