Just leave your phone at home, and bring a Digital camera, and few SD Cards ... Oh, wait.. < insert company name here > makes Cameras that spy on you... nevermind...
maybe we should hire a fast sketching artist to draw police brutality ... What.!... your pencil can track you now... come...ooooonnn
No, its better to have a smart device that syncs photos to your encrypted cloud in case you're attacked and your attacker breaks your SD card to destroy the evidence
Burner phones are a strange concept. If you want to store sensitive data on it, you shouldnt use some cheap android phone or even a dumbphone without encryption support.
All Android phones have Google malware installed by default, as system apps, which means those apps can do whatever they want.
So every piece of data you put on there is possibly tracked and collected.
Then there are 2 more problems
the software is proprietary and cannot be externally wiped clean
the software is outdated
This makes it vulnerable to Pegasus attacks and others. There are tons of secure practices to avoid getting it, like LTE-only, HTTPS only, encrypted and trustworthy DNS, sandboxed processes, blocked javascript execution from unknown websites...
But still if the phone is outdated there are unpatched and publicly known security issues. Just spamming them at all phones is likely to succeed as so many people run vulnerable versions, as vendors suck.
Then if you have pegasus, the only way for security is to reflash the A/B partitions, both. Factory reset is not secure as it will keep what is already in the system partitions.
The firmware is protected and signed by the vendors, so it is likely clean.
But Pegasus installs itself to the phone storage.
If you A cant obtain factory images or B cant flash the phone at all, you cannot wipe it clean.
So a good activism phone needs
trustworthy and minimal system apps / stock software
modern software updates
possible to reflash whole device externally
nice to have: ability to verify checksum of system partition, like GrapheneOS Attestation
This makes them poorly pretty expensive. I think a slightly outdated GrapheneOS phone is okay though.
Yes I know, and I want to try DivestOS one time. But they do incomplete patches.
They cannot update the kernel themselves or even worse the firmware. The kernel needs to be built and patched for the specific hardware, GrapheneOS relies completely on Google here. And the firmware needs to be signed by the vendors, so no chance either.
And especially baseband, cellular stuff has extremely many vulnerabilities in the code.