Of.coutse phones out the box are vulnerable, as they haven’t been set up yet.
It’s how vulnerable they are AFTER, security updates, and setting passcodes etc.
Any device stripped down, has TECHNICAL FLAWS, it’s how after the average user has removed as much bloatware as possible, checked permissions, and set up their codes, if it’s vulnerable then, then there’s a problem.
Strangely the report doesn’t mention any of this after their shocking title, only how some phones COULD be hacked out of the box, and it’s only theoretical, based on info of what permissions may be given on some apps.
I think most know that apps come with a lot of potential to control you’re phone without extra input from YOU. However, in the app description it says (generally) what permissions it wants and for what reasons… Everytime you download a new keypad app, it warns of keystroke theft, but you take the risk it doesn’t copy n send your passwords etc.
I think this is a scaremongering report prob from an isheep fanboy!