You're right that from a defense standpoint, sandboxed OSes like Android and iOS are "better" than your average laptop. Granted. The point I (and probably your parent comment) were originally trying to make is that the amount of data stored on a phone makes it a very good target for vulnerabilities like these. None of my banking, chat, email, etc information is stored on my laptop because I access these things through the browser. That's not to say that this provides perfect security, of course, but it means someone can't come in with a zero-day that gets root on my system and just one-off uploads all my databases.
Apps that keep all this data locally, as is common on phones, are dangerous. Add the fact that most people have a phone as their two factor and you have a really bad situation when a phone is compromised. This, alone, makes phones an attractive target.
> because I access these things through the browser.
Meaning the session cookies are stored on your computer, meaning I can steal those and then do whatever nefarious things I want to do off-box. Locality is a myth, attackers don't care about that. They just want the data, and finding/weaponizing bugs is the hard part.
Regular people keep copies of banking, chat, emails printouts on their "My Documents", even if they use Web applications instead of native ones for those services.
Speaking of native applications, usually many regular users still use native native applications for email, chat, text processing, spreadsheets, etc.
So while you specifically might take care of having a very clean $HOME, most people don't.
Apps that keep all this data locally, as is common on phones, are dangerous. Add the fact that most people have a phone as their two factor and you have a really bad situation when a phone is compromised. This, alone, makes phones an attractive target.