A dual password "Hidden OS" feature like Veracrypt offers, or at least used to offer would be best. If implemented correctly the existence of the hidden OS can't be proven, and a dummy password would log into a dummy OS. I don't think it exists for phones, but is surely a gap in the market.