Many of these exploits don’t require that the person using the phone even knows they’re in use bud. You do you, but know that your phone will likely be hijacked to be used as a crypto miner at best. At worst literally all your data will be exfiltrated.

There are literally hundreds of security vulnerabilities in Android 8 and 9.

https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/version_id-564242/Google-Android-8.0.html

Several of which allow remote code execution (meaning if exploited, attacker would have full control of your device, likely without you knowing). These vulnerabilities can be exploited a number of different ways, for example, this one would just require that your Bluetooth radio is turned on- https://www.cvedetails.com/cve/CVE-2021-0316/

This one just requires that you open a text message an attacker sends you- https://www.cvedetails.com/cve/CVE-2020-8899/

This one just requires NFC on your device to be on (which most phones have and is usually on by default) https://www.cvedetails.com/cve/CVE-2020-0073/

Don’t run old OSes. 90% of the reason new versions come out is to fix these issues.