Hacking the call-only phone requires better quality exploits than hacking a mobile browser, but it is quite doable. Such an attack would require knowing Trump’s phone number, but a motivated espionage program should have that. A phone that makes and receives calls could also receive SMS, and there is already public research on different ways for attacker to get control of a smartphone by sending an SMS, including one that does not appear in the phone’s inbox. World-class espionage programs certainly have this capability, and even second-tier nations can likely buy it. Such exploits are rare and expensive, but a target like the president of the United States is worth it.
Once an attacker is in the phone, they must then find a way to exfiltrate the stolen data. This is easier on the Twitter phone, as clicking on legitimate links and loading content creates enough traffic in which to hide illicit communication. On the phone-calls phone, this is a little harder. The president’s phones should have some serious network monitoring, meaning that any suspicious traffic would be identified as such, and without much data leaving that phone, the stolen information would stand out. Still, a sophisticated attacker could possibly evade this, particularly given the months-long periods between submitting phones for detailed inspection.