On the android front, if you don't mind using a pixel phone then Graphene OS would be worth checking out. It's a foss non rooted alternative to base android with a focus on privacy and security. The no root requirement means a good amount of apps like banking work properly on it. It vastly expands the app permission system and removes the special privileges to Google system apps, allowing you to remove it or limit them. It also supports sandboxing of the play store and multiple profiles so you can effectively quarantine Google requiring apps.
They likely buy leaked data that would include things like your full name and email, perhaps an address. Even if an address isn't there, legal data brokers often have your address for a small payment anyways. From there they likely use something like Google Street view.