Some research from Security Research Labs Warns us to be careful with Voice assistant 3rd party apps. Responses from these apps can be padded with unpronounceable characters (tilda for example) giving a response that is an hour longer that what the consumer hears. Since the conversion is still ongoing the app is still listening in. Or after an hour of silence the app could announce something that you assume is from Google eg that there is an update available, please say your Google password to continue.
3rd party apps commonly start with “Talk to” eg Talk to Harry Potter Trivia.
Also identified were apps that are synonyms of popular banks eg Capital Won vs Capital One
don’t use voice apps for Banking, health care or other sensitive data.
Don’t bring voice assistants into locations where there may be private conversations eg work
Avoid using 3rd party va apps.
You can check your history of app use with this procedure https://support.google.com/googlenest/answer/7126338?co=GENIE.Platform%3DAndroid&hl=en
More info here https://www.theregister.co.uk/2019/10/21/alexa_google_assistant_eavesdropping/