This forum is full of sad stories from folks having lost their funds in software wallets. Yes, software systems do get attacked. Not only the direct code of the wallet implementation but also its dependencies. Not only past and current releases but also future releases will get attacked.
The attack surface is massive especially on a phone. Only give your private key to a piece of software when you can be absolutely sure that it will never be compromised - in fact you can’t.
Instead, put your key on a hardware chip that is especially designed for that. It comes with guarantees that the key will never leave the chip. An attacker can never move your coin unless he/she can also press the buttons on your device - no software attack can do that.
If you have less than $100 in crypto, you may ignore the above. Otherwise, please get yourself a HW wallet like Ledger for example.
PS: If you setup a stake pool … cold keys and owner accounts can be secured with a HW wallet too. Do that, instead of moving *.skey files around.