So I actually use this as my daily driver, but I think it illustrates the point quite well.

The only way to meaningfully secure a GNU/Linux desktop is to run multiple instances of it through a type-1 hypervisor.

For a mobile device, a user prioritizing privacy, security and FOSS would be much better served by GrapheneOS.