For an end user the solution is multi factor authentication every time you want to use your phone. It already exists as an option on some privacy/security focussed Android custom builds, usually using an NFC tag, or by having to use both a PIN/password plus biometrics.

It's not very convenient so the vast majority of people wouldn't use it.

For corporately managed devices mobile device management solutions exist which can prevent the user from doing certain things, or from having access to certain things so there's more security there to protect corporate data and access to remote resources, but this isn't something most end users will have the knowledge or money to implement, and again, it's not very convenient due to the limitations.