The encryption on Android devices is pretty strong, as long as you use a good screen lock you should be fine. Yes they can reset you phone, but accessing your data is a whole other level.
If I had illegal shit on my phone, I wouldn't send it to apple servers by using an iPhone. They are the first who would comply with a surpena. I'd use GrapheneOS on a Pixel and use an obvious duress pin like 1234. If entered it wipes your encryption keys and avoids restoring your data.
And if it gets stolen, it is gone and I'd get a new one. This is the cost of having proper opsec.
Edit:
But I also think that freedom allows for more exploits.
This is a common misconception called security through obscurity
I'm prette sure they have to send the metadata to the client where an ad starts and ends. Just to make the ad clickable.
Timestamps can be calculated on the server, but maybe there will be an api endpoint that can be abused to search for the ads.