A VPN service encrypts the data between you and the server you’re accessing. It also hides your public IP address from the ISP, and the sites/apps you visit.
Depends. VPN services provide encryption between you and the VPN server. Encryption can provide partial anonymity, but only if you actually remain anonymous. If you log into a user account or do not pay attention to cookies, you will not remain anonymous while surfing. The applications you use on your computer or phone might be sending identifiable information such as MAC address or IMEI to the provider. So while browsing might be anonymous since web requests do not normally transmit IMEI or MAC addresses, your apps might leak anonymity that way.
To maintain a good level of anonymity while surfing, do not log into any user accounts, do not access websites via HTTP (or mixed content), and clear your cookies before enabling a VPN service. However, any application which can query your operating system (such as Java applet, Adobe Flash, a computer program, or phone app) is likely collecting and sending identifiable information regardless of VPN. Therefore, as soon as you activate a VPN on your smartphone, which is always logged into your Google or Apple account, it will leak and associate your IP/MAC/IMEI or other identifiable information with your Google/Apple/Facebook/etc account in the background. Remaining completely anonymous on a smartphone, realistically, is almost impossible, unless you don't have a sim card, haven't activated the phone, and never added an account on the phone. However, you do not need 100% anonymity to benefit greatly from encryption and other security benefits.
Most VPN providers use military grade 256-bit AES (Advanced Encryption Standard). This means that to break the encryption, a computer would have to perform up to 2^256 calculations. That is about 115000000000000000000000000000000000000000000000000000000000000000000000000000 calculations. The most powerful supercomputers would need to run for millions of years to break it, so brute-forcing attacks on AES-256 are pointless with current technology.