The first thing users should check is if the device they are using is on the latest software version, if it isn’t on the latest version then users should update their device to the latest version. If your device doesn’t give you an option to update the software but there is a later version available this means your device is too old to receive updates.
Attackers are finding ways to finds a flaw with an operating system and if the device is no longer receiving updates then the flaw will not be patched, however if the same thing was to happen on a device which is still receiving updates then an update will be released to patch the flaw.
The problem with using 2FA on older device which no longer receives updates is if an attacker or malware can get into the kernel of android or iOS then it will be able to do anything it wants which includes presenting fake authentication-app screens.
Users should look at alternatives such as using pin numbers, face or finger print ID authentication until they upgrade the device.