[coldtea]

>The same argument could be made for any security hardening. Why bother with MFA, biometrics etc when the chances of being compromised are statistically very low.

No, the chances there are statistically very big. Because a thief might get your phone, and then can exploit access to it without MFA, biometrics, etc, and stole your bank account, data, etc.

But the chances of people (a) getting your phone, (b) replacing the camera module and compromising the OS, (c) giving your phone back without you noticing, to get your data, are statistically tiny.

And we've somehow managed for 15 years of smartphones without those mitigations...

>And evidence has come to light that their phones and cloud accounts were hacked and friends/families targeted.

Where they hacked in the way we're talking about here? If not, how is this relevant?