Will once again re-up the concept of a “right to root access”, to prevent big corps from pulling this bs over and over again: https://medhir.com/blog/right-to-root-access
Most of users are not able to keep themselves safe in the internet - they want to install all kind of crap without thinking too much.
All of this is companies making it possible that average Joe could just click links, install any kind of crap and still be somewhat secure.
The very few I know that have had this happen where all computer users, and virtually all victims of social hacking such as "hey, I'm from IT department, sending you an email, could you please...". A friend of mine exposed sensible data of thousands of customers of her bank like this.
It's a considerable number well into the 8 figures $/year that we have to cover (Granted this number is not specifically smartphones, also includes desktops, but I know smartphones is the bigger piece nowadays.)
(insuring this is near impossible, there is always a large part risk we have to pay ourselves and cannot cede to a reinsurer)
The problem is actually Google and other big tech.
Let's consider: why are users installing so many apps?
Because, on desktop, this doesn't happen. We don't ask people to download and run an EXE to look at their friends funny cat photos. No, we open the web browser.
The reason we have so many apps on mobile is because we require the malware. Google requires the malware. We need to be able to run privileged and unsandboxed code on users devices and this is the world that Apple and Google have created.
Users shouldn't be fucking downloading apps for 90% of the stuff they do anyway - including the non malicious apps! But they do, because they have no choice.
Think about it. Provide a web interface and miss out on juicy spyware? Or install executables on your customers systems? Apps are far too enticing for big tech.