Do you want an phone where you trust Apple/Google/3rd party to make a "malware or not" decision? Or one where all that is turned off and you can do whatever? Go right ahead in either case - you control the trust, rather than it being made for you by the platform vendor.
Similarly, we have certificate infrastructure where the TLS roots are owned by a small number of people. These are generally trusted, but some people/organizations edit them down (ex: removing roots from state actors deemed untrustworthy). But it's hidden, and generally a lot of choices.
Even linux distros, you pick which package signing keys you trust.
And Docker/K8s... oh wait, there's no default keys and containers remain being developer's puke bags in most cases, and the repos are rugpulled by corporations regularly...