This would be a modified android OS that is stock with some additional features.
CyanogenMod has a lot of improvements over stock android and is controlled by community and not by corporate google who may be forced to try to put back doors in their OS.
From there you will want to be on the latest version of the operation system because you will want to have the app protection with permissions that android 6 and above have and you will want to be using full hard drive encryption on the device. To protect against governments forcing Google or Apple from unlocking the device you will want to not install the Google Play store on the phone just to be sure they can't force it to be unlocked.
For additional security, and to help protect your information from theft while the device is on and not locked down, you can use an app called Cryptonite. This may seem like over doing it but just in case someone gets on the device or they hack the device it self then you have an additional step of protection.
Communication on the devices is also very important to have.
using an app called OpenKeychain will help you protect your connections with strong pgp encryption. so even if they force your email provider to hand over your emails they will be encrypted and not able to be read.
Messaging and Calling:
The easiest way and with the least trouble is using an app called Signal. Signal has data voice calling and encrypted text messages. It keeps the texts encrypted on your device and not just in transit. You have additional protection by being able to put a password on the application it self that will lock the app so even if someone gets your phone unlocked and tries to get into your messages its secure. You can have private calls to your loved ones and know that they are secure and that getting messages that are not modified by anyone.
Browsing the Web:
From there you can also try additional steps to keep private using some other apps. There are tools like Orbot which is the tor network, F-Droid which will give you access to the ip2 network, or vpn access from companies like Private Internet Access who don't keep logs. Or if you like to set up and use your own open vpn and tunnel it over a ssh tunnel to make it look like normal https traffic then there are these 2 applications TLS/SSL Tunnel and OpenVPN or if you want to be different you can go with a vpn like shadowsocks.
Password management is very hard for a lot of people. I find having a password manager the easiest thing that syncs between my devices. you can use a program like passwordsafe and have it sync the encrypted password file between your many devices. This will help with if any website gets compromised like they do quite often then your password that got leaked is only 1 password and does not compromise anything else for you.
I also use 2 step verification for every account that supports it which I seriously think about not using a service if they do not support it and probably the best app for that is the Authenticator app which is produced by Google.
I hope these apps will help you secure your android device down more than it currently is and help you become safer and less likely to be compromised.
Thanks for reading and please share with others so they can learn also.
Local Tech Repair Admin