Everyone who really needed it could do it in debug mode via a port from a PC or Mac.
In fact, this increases the risks, although no one seriously checks programs for Trojans and exploits in the Apple Store, this requires brains that the checkers never had.
Much more important is a programmable firewall in the OS, which blocks everything that the owner considers necessary, including OS components. But neither Apple nor Google intentionally allows this - otherwise, users will turn off all surveillance of them and their data, and ads will be completely blocked in all software.
In any case, if someone finds an exploit that elevates privileges to 0 and below the protection ring from a usual browser, all this will not help. And there are a lot of holes there ... you just need to look...
A person just needs to remember that connecting online banking / trading and other financial transactions for large amounts of money should not be done on a smartphone - this is a priori one big hole in your security. Because you are not really the owner of the smartphone, especially if you do not own administrator rights on it, like on a PC. And this is most often the case. Your smartphone is owned by the manufacturer and all those whose software you put there with "trusted" digital signatures.