atori When reading about how phones get hacked, it seems that the most common method is exploiting a flaw in a messenger application. These are quite complicated apps with a lot of features so even a 0 click attack is possible here.
It makes a lot of sense. Any app that's meant to connect to strangers and be your contact point is an attractive target.
Here's some of the apps that work properly on my phone with all exploit protection settings enabled on them (but you may have to silence exploit notifications for some of them):
- Molly-FOSS
- Session
- Discord
- Gmail
atori Does SMS / MMS have the same vulnerability? Can somebody just send an SMS or MMS and own your phone? Or do I at least have to click on a link or download something? What about phone calls?
Depending on the vulnerability/exploit, you may or may not be required to click something. You can try hardening your messaging apps by disabling the automatic loading/rendering of media files wherever possible. Media/PDF rendering exposes your app or device more to exploitation.
Also try tightening up their permissions or enabling automatic deletion of messages from your local storage. This way if an attacker breaches a messaging app, without trying or succeeding in breaking out of the app sandbox, they would have fewer data to steal, and fewer permissions to abuse from within the app sandbox. None of the aforementioned apps need the Sensors permission, as a start. (You may have to silence the sensors access notifications from these apps once you revoke the Sensors permission for them.)
I also recommend you to enable the LTE-only mode and the 2G network protection setting (both settings appear on the same screen). These reduce your exposure to exploitation through SMS, MMS, phone calls, and just general cellular network communication that doesn't fit into a user-facing functionality.