

It’s nothing sophisticated. You just steal someone’s phone number by calling their phone service provider pretending to be them. I don’t know how serious this threat is but for this reason SMS is not considered secure in the “security circles”.
https://www.howtogeek.com/358352/criminals-can-steal-your-phone-number-heres-how-to-stop-them/
The difference between Android and “proper” Linux? You said it:
That is not what “tinkerers” want. They want access to the system. I have not tried it but can you even run an android app from the command line? I guess you can somehow but that just brings me to my other point. You kinda have to be an Android dev to tinker with Android, while on “proper” Linux the learning experience is more granular.
edit: indeed running Android apps from CLI is not very tinker-friendly:
https://stackoverflow.com/questions/6613889/how-to-start-an-android-application-from-the-command-line