We all carry highly sophisticated personal devices which have profound implications to personal privacy. There are many examples of this such as app data collection––which Apple recently moved to curb with its App Tracking Transparency framework.
Any sufficiently sophisticated system has security vulnerabilities that can be exploited, and mobile phones are no exception.
Pegasus is an example of how unknown vulnerabilities can be exploited to access highly sensitive personal information. The NSO group is an example of how governments can essentially outsource or purchase weaponized cyber capabilities. This is no different than arms dealing in my view––it’s just not regulated that way. Companies are always going to have to patch their vulnerabilities, but regulations will help prevent some of these cyber weapons from being misused or falling into the wrong hands.