Except apps like this should probably not be using the OS CA store, and instead just pin their own CA cert. Doesn't seem to be the case here but in general I think pinning is getting more adoption, isn't it?
Heard that on an old Security Now episode; https://www.grc.com/sn/sn-443-notes.pdf is the best I have, unfortunately. There's mention of it near the bottom there.
No. No application or OS should impose its own CA on an end user without choice. I get the importance of encrypted traffic flowing over the internet, but I also have concerns about traffic leaving my own network. Neither at my home nor at my business do I want an encrypted stream of traffic flowing out of my network without my being able to inspect the contents and know who the recipient is.
Most people, even most developers, seem to be pretty clueless with this stuff.