New Delhi, June 10 -- The phone sitting on your desk right now is, in all likelihood, sharing your location with a fitness app you opened twice in February, sending microphone access to a game you forgot you downloaded, and quietly refreshing a shopping application in the background while your screen is dark. None of that requires a hacker. You gave permission for all of it.

The Cybersecurity and Infrastructure Security Agency - the federal body responsible for protecting America's digital infrastructure - has updated its mobile communications guidance twice in the past seven months, each revision sharpened by an escalating string of breaches. The most recent, issued in response to the Salt Typhoon intrusion campaign that penetrated at l...