Re: How much are we doing this to ourselves for convenience?
It depends what you were doing with them, but probably not. Banking apps are rarely the targets of the attackers because there are a bunch of apps and each user probably only has one or two of them installed. Finding a bug in banking app A doesn't let you attack anyone who doesn't have an account at bank A and anyone who doesn't need access to it on their phone. Nor do they usually attack by having someone install a dodgy app. Malware of that kind exists, but targeted attacks like this can't rely on someone installing something for them. Mostly, they look for vulnerabilities in the OS itself or in particularly common apps, often communication ones like WhatsApp which are popular and have an easy way to deliver a payload to them by sending a message to the victim's number.
Nor are financial details the target of something like this. They're paying millions for the right to infect someone; they have enough money as it is. Usually, they want information. Your calls, your messages, your emails, and the ability to track your location and turn on your microphone. A flip phone has all the hardware needed to do that, and the only possible difference is that you might not sync your email to it because the interface makes it annoying to use. Flip phones have been able to read email for fifteen years, though, so nothing would prevent it from being an interesting target to users of stuff like this.