Was there something specific in there that actually backed up your claim? A link to a generic landing page is not what I was asking for.

My previous comment contains two links. The second one points to a list of vulnerabilities in Qualcomm closed-source firmware that were fixed.

For your convenience, here it is again: [link]

What I am asking for is evidence that every old Android device has already been compromised (your claim) and/or for data that proves this is a widespread issue.

Cybercrime groups obviously aren’t going to publish reliable statistics on the crimes they’ve committed. One should generally assume that known vulnerabilities are already actively exploited unless there is evidence to the contrary.