Again, the reports of the agency-related cybersecurity actions would take you back to the year 2013 when all the cyber-spying stuffs had been exposed by Edward Snowden. They were said to be illegal that it kept people and tech companies concerned that all those actions had been done ever since the past. We know the reason on why they did all this cyber surveillance on people in various countries through the victims' devices but then, we had also seen actions taken by the tech companies in which many of the vulnerabilities had been patched as stated by Apple and Google.
Unfortunately, even with the encryption intact for Telegram, Signal and Whatsapp, there's a chance that CIA can bypass it for data collection purposes. The Year Zero issue is not at the application level and it takes place in many devices and operating systems like routers, computers running Windows, Macintosh and Linux and even if the computers are offline, the data collection can still occur.
More and deep information can be found from the links below:
Unfortunately, for those using the outdated Android and IOS like me using Android 4.x series of OSes, chances are that not all vulnerabilities are patched and that the patches support the later OSes. Microsoft investigated this situation but may need more time and strategy to come up with more solutions.
