It is advisable to keep your private key or phrase in hardware wallet or some offline storage system as keeping these detail in phone will be a stupid decision. Talking about crypto related app , always enable 2fa and pin security option so it will difficult for another party to look inside your app and do not install these miner or false looking apps or do not give access to them.