1. Use an iOS or Android Nexus device. Apple and Google do a good job of keeping iOS and Nexus devices very up-to-date security wise. (Specifically avoid non-Nexus Android devices as companies other than Google do a bad job at deploying timely OTA updates.)
2. Use a deterministic wallet app so there is no need to back up anything whatsoever (all your addresses and keys are generated from a password): Greenaddress, Breadwallet, Mycelium.
Then all you need is one strong unique password, and you have a decently solid Bitcoin wallet. If someone specifically hacks you with a 0day to compromise your mobile device, you have a lot more things to worry about than losing your bitcoins.
2. Use a deterministic wallet app so there is no need to back up anything whatsoever (all your addresses and keys are generated from a password): Greenaddress, Breadwallet, Mycelium.
Then all you need is one strong unique password, and you have a decently solid Bitcoin wallet. If someone specifically hacks you with a 0day to compromise your mobile device, you have a lot more things to worry about than losing your bitcoins.