[t0astbread]

Well, you're right, Android does offer more extensibility than people give it credit for: If you're okay with its heavyweight development tools you can (for example) write a custom launcher to change some of the UI and you can extend/intercept some system functionality with apps. There's also Termux which offers a Linux shell environment based on the underlying kernel combined with APIs for Android-specific functionality. It's actually quite powerful, you can run scripts or daemons in the background without a problem.

But what I mean is most of the system isn't really open like that. Configuration, application data and stuff like that is mostly managed by the system and you can't access or change that data without major hacks. Termux feels like a second-class citizen because most of the ecosystem isn't built with something like it in mind (in contrast to the "CLI-by-default" experience on other Linux systems). There's also a few (non-embedded) system components like the backup system (which, if I'm not mistaken, is provided by the Google Services Framework) which you can't easily replace.

Of course, when it comes to security this is not something you should give to anyone who doesn't know to protect themselves using it. And I assume it wouldn't be a financial success either, I just guessed this is what people mean when they say they don't like Android because it's too restrictive.