ApplePay is secure. IPhones use TouchID or FaceID for ApplePay transactions. They are both secure from hacking. If the device is stolen it cannot be used by anyone except the user and can be remotely locked so easily that it cannot even be sold for anything except parts. This is not the case for Android phones.
The data that is transmitted over any public network or environment is completely encrypted and is using a one-time use transaction code. That code can only be used for the specific transfer transaction being authorized at that moment, and can never, ever be used again. So intercepting that single-use code reveals nothing about the card being used, the bank account associated with it, nor does it even reveal what or who is doing the transaction. Such single use, one time transaction codes provide no useful information to any hacker for future use and can provide no current data to extract value. They are safe. Only the originating device and the target computer know what is being transacted. Even if being used to make a transaction through a store, the store gets no consumer information when ApplePay is used.
Unnnnhhh. No. Both have been proven spoofable. But they are pretty much, good enough.