> "just use a second phone" cannot be the answer
It is the best answer at the moment. You can keep an absolute basic phone with all the banking and such apps loaded and nothing else. You treat it like an appliance. Your daily driver will be separate and can be running PostmarketOS or LineageOS etc.
There are several benefits off the top of my head:
1. Since you only install banking/govt type apps on your "important" phone, it stays more secure vs. putting your random game app along with the banking app on the same phone.
2. When you upgrade your daily driver, you don't need to deal with tons of re-auth steps for banking/govt apps.
3. Your daily driver can be customized to the nth degree because the pesky banking app won't be on it to refuse login because, say, you turned on developer options or rooted the phone.
4. You can even leave the basic phone at home for extra safety, if you wish, without affecting your daily driver.
5. You can root your daily driver and put as much adblocking setup as you want to boost your privacy. Your basic phone won't have enough activity outside banking/govt. to build much of a profile.
There's just one problem: increasingly, everything that makes a phone a "daily driver" is the thing that can only work on the "important" phone. Banking/finance, government services, commerce, work, communications (thanks a lot E2EE), and DRM-ed entertainment - all the major players here are locking their software down and relying on remote attestation to ensure their locks stay shut.
With this being the trend, you're already more likely to leave what you called "daily driver" phone home, and only take the "important" one with you.
Still waiting for someone to make a tiny token sized phone. Unfortunately the smallest around, Unihertz Atom, is both outdated and too low resolution for some apps to work.
Been doing this for years. Old phone for testing apps and running servers
All the Google stuff is disabled, open source Contacts app,^1 no Google Play Services, no access to remote DNS, Netguard for application firewall and port forwarding, with computer I control as gateway. 1. Have yet to find any other app that can access contacts when storing them this way, even the Meta's biggest Trojans
Meanwhile, new phone, "important phone", stays offline. Wifi off. Location off. path?.xtracloud.net blocked. Phone is used for texting and phone calls, no internet access
The "banking app" argument, i.e., either install a custom ROM or give up or submit to surveillance, is a false dichotomy. There are other options
I don't use a phone for internet banking, I use a computer I can control; there is no "banking app" (talk about high risk, geez)
The "banking app" problem is a common refrain on HN but in the real world I know many people who do not use a phone for internet banking
Mobile OS just suck. It's like being forced to use MS Windows