Perhaps a few more responses now from people who own their data?

There are still a scary few "I use adb" or "I copy the data over MTP"

Sadly, not everything on the phone is visible to those two. IIRC, [MS]MS logs aren't (I might be wrong here though) and if you use Google Authenticator, your OTPs aren't, which I learned the hard, hard way.

I need to root my phone.

Tragically, as you mention, the security restrictions on most apps at this point block filesystem access via adb.

Wild to learn about the OTPs, I'll need to take a look and (likely) rectify that security hole since I manage my backups myself (at enrollment time the keys go in escrow).