My position regarding devices is that only 2 out of 3 should be satisfied:
1. Used as a proof of identity (for banks, govt services, etc.)
2. Is distributed to laypeople who have more pressing concerns in their lives than security.
3. Is an open platform where you can download apps arbitrarily from the Internet that can read your data and exfiltrate them to a malicious actor.
The mainstream today chooses 1&2. Novelty, underpowered devices choose 2&3. Hobbyists have option 3 (and those who like to live dangerously 1&3) with some inconvenience. You can still run GrapheneOS... and the mainstream apps that expect your device to be a proof of your identity won't work... and I find that quite reasonable.
I take issue with the idea that openness and freedom to install arbitrary software cannot occur without strong safety mechanisms. Android/GrapheneOS/iOS have sandboxing and permissions systems that put most desktop OSes to shame. The base platform can control apps' access to every resource, and an app store can put its own caveats and reminders to users for what kind of access is needed for the functions of a given app.
Sandboxing and permissions provide a different type of security than application signatures. Sandboxing can limit app capabilities, but it doesn't change the fact that you can accidentally grant a malicious application permissions.
Application signatures and developer identification bring a different kind of application security. They provide the security of societal legal systems and legal ramifications for malicious actors.
In the end, you still have the choice to trust the "system" or your own judgment.
> but it doesn't change the fact that you can accidentally grant a malicious application permissions
Do you also support the nanny states that decide how you should be parenting your children? (The age verification etc.)
You have a consistent habit of posing complex questions in your rhetoric. https://en.wikipedia.org/wiki/Complex_question
Please don't do that here. https://news.ycombinator.com/newsguidelines.html
This is not really a complex question as much as it is an analogy demonstrating that allowing third parties to dictate how you live leads to a huge loss of your freedom with bad consequences on your independence and control. But you are right: I could say this in my above comment.
It's a number of false choices. Google has complete control over Android and they could easily implement 1, 2, and 3 if they wanted. It's not as if they couldn't provide the means for certified secure enclave apps in addition to normal ones.