If properly implemented, and it seems Android and Apple do, contactless payment via your smartphone is a lot more secure than anything else. Some advantages it has:
1) A proxy number can be used for each transaction. Your real number need never be used at any time, as a proxy can be created for each transaction. The bank lets the phone know what proxies to use, and the phone lets the bank know when they are used. so even if the merchant gets completely owned, the information gleaned on you is useless as it was valid for that transaction only.
2) You have a device that can notify the bank of the validity of the transaction. Not only will the payment terminal contact the bank for payment, but your phone can let the bank know as well. Now there has to be some slack built in the system to make sure that it can work even if you don't have signal, but basically when your phone gets back on the network if the transactions don't agree, a flag can be raised.
3) You have some defense against a compromised terminal that overcharges (basically a merchant that has messed with their terminals to charge a different amount than displayed. Your phone knows how much the charge was, and shows it to you. If that is different from the amount on the screen, you can contact your bank there and then and stop the transaction.
4) The two-factor auth is taken off the device, on to your device. You have to unlock your phone to use the payment, so you have a 2-factor setup (your phone + either code or biometrics). However with chip+pin, the pin is entered on the terminal so if it is compromised, it can get your pin. The terminal can't get anything when a phone is used as the auth is on the phone, not the terminal.
It isn't flawless, but it is a decent step up from the security of just using a card.