Who gets access to the data collected through your use of the app, and how will it be used?
Huge point to be made here, with the mass amounts of lawsuits against Meta and other media companies for selling information without notifying the user base. Even the apps that say they are only collecting certain data, are they actually only collecting that? For apps on Play stores, this is not typically a problem, but for ones off of it, it's important to do that research before installation.
Two-factor authentication, or two-step authentication, is a login process where the user is asked to provide two authentication points, such as a password and a code shared through a text message. Two-factor authentication enhances login security.
Working in IT, I can not tell you the sheer number of people who would do anything to avoid having to take the extra steps for security. Even when we explain to them the exact issues that come up, it seems there is a misunderstanding often about how dire a hacked account could become. This is part of why it is so necessary to make these security measures normalized as early as possible with students and technology!
Install antivirus and firewall software on your devices, and keep them up to date.
Unfortunately, even some antivirus software for devices are more along the lines of popups and malware than what they protect from. Often times, they advertise protection, but are only a scanning device that can identify problems without solving them. Additionally, due to software popularity, sometimes having something popular can make you more of a target, as malicious users work to specifically exploit weaknesses in those software.