@phaZed
We also need to be realistic about the actual threat posed by and infection routes required by each one of those "tons of vulnerabilities." Some of the CVEs I've read have me saying, "Yeah, but the confluence of events necessary for this to actually happen is very unlikely." Others are just the opposite, and those are the kind that tend to become emergency security patches.
I'd say, generally speaking, the probability of an infected iPhone or Android device is, relative to a Windows machine or even a Mac (which is lower risk than Windows), is small.
So far, every instance I've had to deal with in regard to the belief that "my phone has been hacked" has not borne that out. These days, I'm happy to say, that even infections of Windows devices are much, much fewer than they once were. When I first entered this business "for money" in 2008 a huge part of my business was disinfection from viruses/malware, and now it's virtually zero. Protection has just gotten so much better and every infection I've dealt with in the last 10 years (at least) has been the direct result of end-user action in response to something intended to trigger fear, uncertainty, and doubt that prods them into quick action without thinking. I'm even finding, which I'm really happy about, that a number of my senior citizen clients are far more "scam savvy" than they once were. I'm having a lot fewer calls of regret about having done something, and suffering the predictable results, than I have been asking me to confirm that something is likely a scam, when it almost always is. I praise my clients who make those calls to me to the high heavens and tell them to tell their friends about what they received and what they did in response.
I don't dismiss the belief out of hand, but I do probe more deeply about what is, or is not, happening and proceed accordingly.
