That's still not an OS issue. No amount of clever programming will help if people are that determined to do something dumb.
And yet, a malicious iOS cannot typically take over the OS, other applications, or exfiltrate data from other applications. Sure, someone's bank account can be fished. But systems like iOS show that it is possible to protect users against a large numbers of attacks.
One of the goals of an OS is to provide meaningful isolation boundaries. This is why we have a separation between ring 0 and 3, isolation of process address spaces, a separation between UID 0 and UID > 0. There is no reason why we should not introduce new forms of isolation invented after the 70ies.
A malicious Linux application can exfiltrate all the data in your home directory. Taking over the OS is not hard either, just run a keystroke logger or put a rogue sudo in the user's path.
Of course, this does not apply if the application is properly sandboxed, which is sadly not the default on Linux yet.
And yet, a malicious iOS cannot typically take over the OS, other applications, or exfiltrate data from other applications. Sure, someone's bank account can be fished. But systems like iOS show that it is possible to protect users against a large numbers of attacks.
One of the goals of an OS is to provide meaningful isolation boundaries. This is why we have a separation between ring 0 and 3, isolation of process address spaces, a separation between UID 0 and UID > 0. There is no reason why we should not introduce new forms of isolation invented after the 70ies.