[gruez]

>If I am sneaking a payload in, and I have different exploits for different OS versions, I would exactly disguise it as spam.

Right, but the point is that GP seems to have been tipped off by the "sketchy links", rather than the spam itself, and that there are far better ways to compose your spam texts than ones with sketchy links.

>Pretending to be a busines, or a random person with wrong number, and then DELETING IT is a noteable indicator of compromise.

It depends on the nature of the exploit. I was operating under the assumption that "0 click" means the exploit gets run as soon as the phone receives it, which would allow for the exploit to clean up after itself without alerting the owner, unless the owner was staring at the phone the exact moment the message came in.