How would you even know if you had a secret malware program running on your phone?
Some Chinese phones probably have hidden code running at the firmware level and you can't even detect it's there.
Even with the best phones you are constantly connected to the internet, so the only way to make it more secure is to use a secondary offline phone device.
This can be your old phone or a hardware wallet with an installed wallet, and this can be used with another hot wallet that is connected to the internet.
Even better if you have Pixel phones, because you can install the open source GrapheneOS on them.
Honestly... I really don't know if my Android is safe or not. I'll only find out when something bad happens, whether it's an account hack or maybe I get hit with a hijack. But I also don't want to lose too much over something I own just to find out that my security is at risk... it's not worth the hassle for an experience like that.
Even when you mention the default factory firmware being suspicious, I already feel unsafe here. And there's really no big reason for me to keep a large balance on my Android wallet with a sketchy operating system. High mobility doesn't need a big balance.