I read where Chinese phones may be have vulnerable firmware. While any phone could have the same issue, US agencies issue warning about Chinese phones. If I install LastPass on my device, would all my passwords be compromised? Does the encryption process secure my information on a possibly-compromised phone?
BUT, anything with (near) hardware level access to a device, could theoretically intercept data to be stored in an app.
Information stored/encrypted BEFORE the device was compromised should be ok "as is".
But, if the device is compromised beforehand, or changes are made/new info is input after the device is compromised, then that data would most likely be accessible to anyone with access to the compromised phone.
It seems that you should be good if you have already set up your vault on LastPass before installing the app on your phone. However, if you're going the other way around it might be risky if there's a hardware vulnerability.