We can't tell what your friend is doing to see the business on your phone, so I'll create a straw man and assume one of three things is happening:
Assumption 1) You are running a jailbroken phone / Android wherein your friend put applications on your phone. In that case, (s)he may have access to your phone even if you aren't on the Wi-Fi. If this is the case (that you are running a jailbroken phone or a phone with cracked software), you should factory reset and never download untrusted applications. It could be that your friend is messing with you and you trusted software that you should not have trusted.
Assumption 2) Your friend is monitoring the router traffic. If this is the case, (s)he will be able to see what sites you visit and, if you visit sites without transport layer security in place (like, banks or social media pages that don't have HTTPS), then your friend could sniff where you are going and what credentials you are sending along. This makes sense because you'll be using the router to send the traffic to the internet. Like Navi mentioned above, you can use a VPN service to encrypt your traffic. Then, even though your friend will sniff what's going through the router, (s)he won't be able to understand the sites or credentials. Advice here is to use a reputable, paid VPN service, as if you use a free VPN service you run the risk of further security issues.
Assumption 3) Your friend is messing with you and is looking over your shoulder, maybe with a camera in the room. In this case, don't do important stuff at the house because clearly this person is messing about with your privacy. Or search the room for a hidden camera and unplug it.
--
Assumption 3 is unlikely, but never underestimate shoulder surfing, as it's how ATM skimmers get pins.