Unless you're going up against the KGB/CIA, nope. Even at that, any modern Android/IOS device does not permit data transfer on the USB port by default.

In Android, you have to:
1) Manually enable the hidden/secret Developer Menu
2) Manually enable USB debugging via Developer Menu
3) Connect the USB cable
4) Manually grant USB Data Transfer permission
5) Manually accept the ADP RSA key.

ONLY AFTER doing all of that can something install itself on the phone via USB. If you've done all of that and "inadvertently" get malware on your phone -- you deserve it.