Offline phone security

Removing the SIM alone wouldn't prevent a remote hack if the phone was powered up as WiFi would still be available and therefore an attack vector. However, a phone that is off with no source of power is not remotely hackable. At least there's no demonstrated techniques or even published research that I know of which would make it possible. Without a power source there's no CPU or antenna operation, it's just a sophisticated brick.

The thing is that in order for this cold wallet to be useful it will need to talk to something - as some point you will need to turn this on and connect and then it's just as vulnerable as anything else. Android is designed as a vehicle to get your personal information to the outside world so is chatty by default, however there are some Android ROMs which are designed with security in mind, it would be best if you installed one of those and limited the operation of your cold wallet phone to the bare essentials.