So here in my city there have been cases (multiple) proven by police that criminals reached the Android and iPhone keystore of stolen/lost phones so they can get to banking apps (not many, but enough to keep an eye on this). I am worried about my password manager (I’ll talk specifically about 3 of them, Bitwarden, KeePassDX and Proton Pass, and on-device at-rest encryption). I can’t read code so please don’t ask me to go and read the source code.
From my understanding of KeePassDX, if you don’t use fingerprint or face unlock, so just a plain master password, everything is encrypted with the master password and the master password is not saved on the phone in any way. And I know for a fact that in Proton Pass, if criminals reach the keystore they have everything, as there is no option to use your master password for encrypting the data on the phone; they also directly said so to me. On Bitwarden there is an option to use your master password as a lock, but I have been assuming that it’s used for encryption (on device), so even if criminals reach the keystore they could not get the data, as it is also encrypted with my master password that is not stored on the device. I know that this is a bit too much, but these things are happening here.
So the real question here is
Are my assumptions (about KeePassDX and Bitwarden) correct?
You don’t need to worry about this if you use a secure smartphone. These people that you are talking about probably used an insecure device, maybe even an EOL one.
So even in the case of a Samsung A54 (I am hoping to buy a Pixel 8 soon) I should be ok as it is updated and is far from EOL? I also have a 20 character phone password with biometrics (for AFU).
It is encrypted, but in the end the encryption key is stored in the keystore, and it should be safe like that for the most part, but there is a small chance that by zero-day attacks or old as they could just store the devices, get to the keystore and extract them. Not trying to say Proton Pass is not secure. It is just an extreme case. I just like to know these things to have in the back of my head if by bad luck I am in that situation.