Hello, and welcome to the forums. 
I think your first question:
is difficult to answer. Many, if not most, here would say no, while some argue it depends on your threat model’s severity.
If you are drawn to GrapheneOS, but want to avoid giving money to Google, I concur that a used or refurbished Pixel may be a good way to go. Though just as a head’s up, opinions are split on used devices, as you’ll see with a search or two around the forum.
If that doesn’t seem viable, do look into why GrapheneOS is the official Privacy Guides recommendation, while the iPhone is the closest runner-up. Another user was kind enough to just recently provide an overview of many related threads discussing why other mobile OS’ aren’t typically recommended (which is not just due to security, but privacy concerns as well):
Your second question might be answered by the concept of “Compartmentalization”. Beyond the forum threads, PG has a nice video about it, if you haven’t seen it yet: