I hate what popular culture has done with our perception of hacking. Hacking almost always involves social engineering as a means to open a backdoor into a system: you trick the end user into for instance giving up login credentials or installing a program that “phones home” to a command and control center. You’ll have to research the details on your own, but depending on what information has been “phoned home” or in other ways acquired by the adversary (login credentials, IP address, hardware and software identifiers, etc.), the adversary can then deploy further tools that either exploit known programmatic vulnerabilities or that elevate the adversary’s privileges on the target system, with the goal of attaining enough control to do whatever the objective was in the first place (gathering PII, bank info, leaking private media, distortion, what have you…).

Android is great at a very specific task, which is to isolate processes into something I can’t seem to recall right now… Maybe “zygotes”? Basically it gives the user granular control over interprocess communication. It also effectively reduces attack surface by isolating infection/damage.

On Windows, for instance, programs are allowed to elevate their own privileges - for the convenience of the end user, I suppose - which is of course INSANE, considering that the greater Windows user base probably don’t have the cyber hygiene required to operate safely within those premises.

I’m too sleepy to go on, but “google” and read: hacking, backdoor, exploit, social engineering, privilege elevation