S
I think that the question starts from wrong or biased assumptions.
You are observing a true phenomenon (mobile devices hacked systematically) and try to conclude that they are weaker than desktop based on your observations. That is a known cognitive bias.
Let me explain why step by step.
It is easy to hack the devices
No, it's not. The OSes have a security vulnerability, and someone has found a way to exploit it. What you see is the end, but not the beginning. Probably, it took months of hard work to discover that vulnerability.
The fact that you can simply https://www.express.co.uk/life-style/science-technology/919343/iPhone-Text-Message-Crash-WhatsApp or just https://www.express.co.uk/life-style/science-technology/580211/iPhone-Messages-iMessage-Bug-Text-Reboot-Crash doesn't mean it's easy. It's annoyingly easy to reproduce, but not to discover
Mobile devices are easier to hack compared to desktops
It's not in their nature (I'll explain why), but in their market penetration. Assuming all desktop devices use either Windows or Mac OS or Linux, and all mobile devices either Android or iOS, the number of Android and iOS devices overwhelm the figures from the desktop world. And we are not still counting the server market, which shows less devices either.
Fishing and hunting example: where would you go hunting? In a jungle full of fat animals, or in a dry steppe where you can't see animals for miles?
Mobile devices, with their larger market penetration, are more attractive to cyber criminals, who will invest their best efforts to find vulnerabilities where they have much more chances to strike.
About market shares, there is plenty of literature around. I am struggling to find a graph that depicts the boom of mobile devices vs the shrink of desktop devices over the course of the last 10 years.
Desktops do not have (or have less) 0-click vulnerabilities
When you use e.g. Windows (even if it is not the most updated) or Ubuntu, you do not expect that clinking an url will grant root access to your device to someone else.
I'm not sure that can be said for Linux, but Windows had notably, years ago, a few dreaded 0-click exploits.
I want to elect https://support.microsoft.com/en-us/topic/virus-alert-about-the-win32-conficker-worm-73e7df59-ec59-d474-bbe8-1f06b7caef60 as the most dreaded worm in the history of the Windows OS. Please, let's take a look at the Internet history to see other notable Windows viruses that required little to no interaction from the user.
Conficker was particularly dreaded to me because I remember I got infected once by the very moment I connected freshly-formatted my machine to the network, because there was an infected host hitting my machine. https://en.wikipedia.org/wiki/Stuxnet is another notable computer virus affecting Windows OS without clicks
This is to say that your view was particularly biased.
What is a security vulnerability and where does it come from?
If we managed to build desktop OS which are safe, or at least safer than android, why is it so difficult to do it with mobile phones?
Computer OSes are written in the same languages as mobile OSes. This because a mobile device is effectively a computer, under the Turing Machine definition, and the hardware architecture. A mobile device misses the PCI-E and DDR slots that assemblers love since the '90s, their SoC (System On Chip) architecture allows for smaller size and higher densities, but they are no more that computers. Some models even run the same https://en.wikipedia.org/wiki/X86-64 .
Software engineering practices vary a little between desktop and mobile OSes, mostly because of the variety of sensors (cameras, microphone, accelerator, GPS), but security practices in developing software are in practice the sasme.
Security vulnerabilities are born from software bugs, which always existed and will continue to exist.
The more complex the OS, the more security vulnerabilities exist.
For this reason, Android will likely display a lot more security vulnerabilities that iOS. iOS is made by Apple, and the same code deployed to a short variety of devices.
Android is open, and manufacturers notably fork AOSP (Android Open Source Project) to customize it. The more manufacturers, the more forks, the more complexity, the less security patching, the more likely for vulnerabilities on a family of devices.
From https://security.stackexchange.com/a/65214 (emphasis mine)
If your device is not a high end device which gets updates on a timely manner you are at bigger risk (this is why Nexus devices are the safest among android devices)
You don't expect the cheapest phone maker to update the OS after launching their devices to market.
