Phones are the least of the worries IMO. There are so many internet-connected consumer electronics devices around that are based on some lightweight Linux stack - SmartTVs, home routers, set-top boxes, NAS boxes, IP security cameras etc. come to mind. These things will NEVER get patched because the development teams that put together the original firmware for last year's model are often not even around anymore. "Install Cyanogenmod" is not an option either.
With the "Internet of Things" wave rising, this will only get worse.
I'm not sure there is a reasonable solution there; zero-day exploits will continue to be around, and companies will continue to build "embedded" devices that are not really designed to take frequent software updates.
Maybe there is room in the market for a consumer-oriented security certification brand, which basically tells the buyer: yes, we have reviewed and tested the software stack on this device, it's reasonably safe and sound, and the company behind it is reasonably committed to keeping it secure?