To piss off the right people accordingly:

- Use the most recent phone you possibly can

- Upgrade your phone to the newest possible generation as soon as possible after release

- Use the latest version of GrapheneOS ASAP

- Use a strong high entropy passphrase (makes bruteforce impossible if secure element is exploited)

- Set auto reboot time accordingly so encrypted data goes back at rest when the phone reboots.

- Turn phone off when in a risky situation.

- Disable radios when not using them (turn off Wi-Fi, use airplane mode, disable NFC, UWB etc.)

- Set an appropriate USB port control

- Use user profiles (data stored encrypted with separate credentials)

- Enable duress password when it comes out

- Enable second factor authentication unlock when it comes out