1) Only buy smartphones from vendors who release patches quickly (Keep it patched and apps updated)
2) Lock your phone with a 6 digit passcode
3) Use two-factor authentication.
While you're securing your phone, let's lock down your Google services as well. The best way of doing this is with Google's own two-factor authentication.
Here's how to do it: Login-in to your Google account and head to the two-step verification settings page. Once there, choose "Using 2-step verification" from the menu. From there, follow the prompts. You'll be asked for your phone number. You can get verification codes by voice or SMS on your phone. I find texting easier.
In seconds, you'll get a call with your verification number. You then enter this code into your web browser's data entry box Your device will then ask you if you want it to remember the computer you're using. If you answer, "yes" that programs will be authorized for use for 30-days. Finally, you turn on 2-step verification and you're done.
4) Only use apps from the Google or Apple Store.
Google Play Protect can automatically scan your Android device for malware when you install programs. Make sure it's on by going to Settings > Security > Play Protect. For maximum security, click Full scanning and "Scan device for security threats" on.
5) Use device encryption.
To encrypt your device, go to Settings > Security > Encrypt Device and follow the prompts.
6) Use a Virtual Private Network.
In my experience, the best of these are: Private Internet Access, or Nord VPN. What you don't want to do, no matter how tempted you may be, is to use a free VPN service.
7) Password management.
The best of the bunch are: LastPass, 1Password, and Dashlane.
8) Use anti-virus software.
So, the best freeware A/V program today is Avast Mobile Security & Antivirus.
9) Turn off connections when you don't need them.
If you're not using Wi-Fi or Bluetooth, turn them off.
10) If you don't use an app, uninstall it.
11) All devices should be set to erase all of the device’s data automatically after a set number of password attempts
12)Check Apps permission and location usage