I'm a bit biased in this response, but I think it's still worth stating.
All successful cyber-attacks apply software in some form or fashion to carry out their nefarious acts. It doesn't matter if it's a VBA macro in a Phishing email attachment or an app you download from an app store and install it in your smart phone - it's all software. Which enables me to posit confidently "Software is the root of all evil in successful cyber attacks".
So, if you want to prevent from becoming a victim of a successful cyber-attack you must start by closely examining the risk in any software artifact, i.e. app in an app store and other sources of software, before purchasing and installing. Visibility into software risk is possible using existing tools and methods, preventing risky software from being installed, ruining your day and your data. Look for Cyber Supply Chain Risk Management solutions that follow NIST C-SCRM best practices described in NIST SP 800-161 and other NIST Guidance, described in OMB Memo M-22-18.
If you believe, as I do, that software is the root of all evil in a successful cyber-attack then consider implementing tools that will help you detect risky software before any attempt to purchase or install software