* Settings -> Developer Options -> Debugging -> USB debugging.
FYI the Developer Options are only visible if you've gone through the unhiding procedure. If they're not visible, then USB debugging is disabled, and you're safe from this attack vector.
Recommended wallets are
This is a good list IMO. To help you decide:
Some wallets do strong (server-assisted) encryption of the wallet stored on your phone. If you lose your phone, a determined thief who is able to root your phone can steal wallets without strong encryption.
Strong encryption: GreenBits, Hive Wallet. Brute-forcible encryption (takes longer than no encryption, but still stealable): Bitcoin Wallet. No encryption (just a PIN check): Mycelium
Some wallets offer better privacy than others. Bitcoin Wallet is the best in this category; the other three share your transaction history with a centralized service as part of their operation.
Some wallets need to trust a centralized service to tell them about new inbound transactions, and to broadcast outbound transactions on the wallet's behalf. A centralized service could theoretically lie to the wallet -- it could withhold an inbound transaction or make up a fake inbound transaction. Mycelium and Hive Wallet fall into this category. Bitcoin Wallet and GreenBits do not depend on a centralized service for transaction verification.
Of those listed, only GreenBits offers two-factor authorization. (Of course, for 2FA to be effective you'd need a second device, e.g. a different phone or a laptop.)
All of the listed wallets are shared source, i.e. their source code is published and viewable. However Mycelium is not open source, you may not modify it nor redistribute it yourself. The other three are open source.