On the other hand, China is known to have and use ios zero days (souce: https://www.schneier.com/blog/archives/2019/09/massive_iphon...). It's likely other countries have these as well.

It seems unlikely they put the same efforts into finding a zero day for a nokia. There might be a super easy to find zero-day though, like you're saying.

If it's anything like the old days, they don't need to horde a 0 day.

There were always obscure pieces of software that would pull your forgotten pin right off the device with the right secret code, in which case you have full access to the device.

I'd also expect them to be vulnerable to much simpler attacks like just reading flash chips directly

> On the other hand, China is known to have and use ios zero days

What's your threat-model? If your adversary is a nation-state on par with China, you're probably toast unless you have a well-resourced entity supporting you (think large corporate or another nation-state)

I would argue that it’s much more likely they’d try to get a person of interest to use a compromised “burner” phone, actually.

I’m much less worry about China having my information than the local justice system.

But the majority of that security is required due to the vulnerabilities that come with the smart part of smartphones. A dumb phone has a much smaller attack surface. If I use the phone solely for texting and the occasional tethering and phone call, my exposure is automatically seriously reduced.

The dumb phone has no access to the pocket computer, after all.

Unlikely. Dumbphones aren't interesting targets and configurations are vastly more heterogeneous. Finding exploits can be a huge amount of work.

edit: In a laboratory environment, it is probably easier to break into a dumbphone vs breaking into an iPhone, yes.