I like the idea of using an old android phone.
Did the carrier put in a back door when they made that build? Do they still have the ability to remotely access or monitor the device?
I would only do this if you could reformat the device and install a version of android that created a secure bitcoin environment ?
Isn't the Android system is completely open source? Then there wouldn't be any chance for the manufacturers to install a back door anyway.
I don't know if they still do this but i thought Google leaves in code that sends "statistical" usage information in your phone in the source code version... i believe you have to remove it manually(something a wizard would require to do) to stop it from sending.