Yes, your phone can be hacked. But doing so is extremely difficult and very few people actually need to consider that sort of risk.
As long as the Apps and OS are up to date it’s almost impossible for anyone outside of a government organisation to obtain the resources in order to do so.
Governments and corporations are using tools like AI to monitor you to some or other extent.
But there isn’t any point to them doing so to the extent you seem to be implying and often they have simpler ways of getting that information that also make it much more valuable.
Bluetooth beacons can track whether you’re nearby, CCTV can run the same facial recognition. Data submitted to Apple or similar “Find My” networks can be used to figure out who you interact with. None of these require compromising your phone in any way.
F-Droid is a well reputed open source app store.
But using it is also risky because you are responsible for verifying the APK file used to install it. And you have to bypass multiple controls that prevent you from installing it by default.
An app listed on Google play has at least passed Google’s automated controls and scanning.
An app listed on F-Droid’s main respoitory was reviewed, compiled from source and signed by a developer collaborating with them.
Raw APK files are far more of a risk than third party app stores. But you should take in mind that any app you install should be vetted and verified before and after downloading it.
App stores handle part of that process.