[vorpalhex]

You can monitor what calls an app makes. LittleSnitch on Mac is an example example of this.

There are going to be nefarious actors who still manage to bypass it, and there are going to be risks outside of a walled garden - and that's a meaningful choice we can provide users.

"Hey, you can stay inside the app store and get these promises, or you can install what you want and risk X, Y and Z."

Android does this.. decently well. There are issues with the google framework, but otherwise it's functional - my elderly family doesn't need me to reset their phones every month, yet I can sideload all my games and FOSS apps.

[Polylactic_acid]

This isn't good enough. Sure you can monitor it if you have a load of time, but then what do you do when you find out its doing something evil? What do you do when you find out every app is doing something evil? You either opt out of proprietary software entirely or you let apple use their weight to force apps to stop being evil.