[microtonal]

That's only part of it. That all security issues would be gone after writing code in a memory-safe language is a fairytale (though it does help a lot).

The other parts layered defense, reducing the number of privileged/non-sandboxed applications/processes, not shipping spyware/adware, etc.

Only Apple/GrapheneOS and to a slightly lesser extend Google Pixel are good at this. Many phone manufacturers still use the TrustZone TEE on the main CPU (rather than a separate security processor), isolated radios, hardware memory tagging, and dozens of other defense-in-depth features.