Well, most (if not all) Android phones by default (since Marshmallow, I believe) default to using any USB connection plugged in for charging only, and requiring you to unlock the phone to change that option each time. And before that (since at least Jellybean, I believe) don't expose filesystem data until the device is unlocked. So that gets you some modicum of safety. And with the device encryption turned on, it won't even get into the OS without an unlock code. So provided they're not going to physically dismantle the phone, or other such destructive measures, your data is pretty safe. Apple... well... not so much.
Of course, whether the courier "loses" the package en route is another matter entirely.