It would be better because if not then someone can turn it off. Automatically or by misinforming the user or by requiring it etc. Like now on iOS you apparently just need to install a profile, maybe it's too easy.
Well an MDM profile isn't going to decrypt iCloud data or Apple telemetry. It's basically the same dangerous power your ISP and DNS provider wields, but nobody is about to suggest banning those for user safety too.
That's the point, indeed. Your ISP and DNS can technically intercept your traffic, but it's pointless since TLS exists. Similarly, you can Wireshark an iPhone using MDM profiles but Apple doesn't respect your profile in the first place. Third-parties have no obligation to show you their traffic either, and many don't.
They don't need to. I'm not sure if you're aware, but it's actually possible to encrypt traffic using things other than TLS. A regular app on non-jailbroken iOS can completely circumvent TLS decryption. First-party Apple apps will bypass your profile and custom CA.
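To make the point above concrete, here is an added illustration (not code from any commenter or from Apple): an app encrypts its request body with its own key before handing the request to TLS, so a TLS-terminating proxy that the user trusts via an MDM-installed CA decrypts the TLS layer and still sees only an opaque blob. The toy HMAC-based cipher, the pre-shared `APP_KEY`, the host `telemetry.example` and the request shape are all constructed for the example; the one thing the proxy view still recovers, and the one thing a defender can still measure, is metadata: destination, path and size.

```python
import hashlib
import hmac
import json
import secrets

# Assumed pre-shared key; a real app would pin it in the binary or negotiate
# it inside the TLS session. Constructed for this example.
APP_KEY = hashlib.sha256(b"example-app-layer-key").digest()
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy CTR-style keystream built from HMAC-SHA256. Illustrative only,
    # not a vetted cipher; it stands in for whatever the app ships with.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_payload(key: bytes, plaintext: bytes) -> bytes:
    # nonce || ciphertext || tag; the tag also lets the server reject a
    # proxy that modifies the body.
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_payload(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("payload authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_request(host: str, path: str, body_plain: bytes, key: bytes) -> bytes:
    # What the app hands to its TLS stack: a normal HTTP request whose body
    # is already ciphertext under the app's own key.
    body = encrypt_payload(key, body_plain)
    head = f"POST {path} HTTP/1.1\r\nHost: {host}\r\nContent-Length: {len(body)}\r\n\r\n"
    return head.encode() + body


def proxy_view(request: bytes) -> dict:
    # What a TLS-terminating proxy sees after stripping the TLS layer:
    # headers in the clear, body still opaque.
    head, _, body = request.partition(b"\r\n\r\n")
    lines = head.decode().split("\r\n")
    host = next(l.split(": ", 1)[1] for l in lines if l.lower().startswith("host:"))
    try:
        json.loads(body)
        readable = True
    except ValueError:  # covers both bad UTF-8 and bad JSON
        readable = False
    return {"host": host, "path": lines[0].split()[1],
            "body_len": len(body), "body_readable": readable}


def demo() -> dict:
    # Constructed telemetry event; returns what each party can recover.
    msg = json.dumps({"device": "demo", "event": "launch"}).encode()
    req = build_request("telemetry.example", "/v1/events", msg, APP_KEY)
    view = proxy_view(req)
    server_plain = decrypt_payload(APP_KEY, req.partition(b"\r\n\r\n")[2])
    return {"proxy": view, "server_plain": server_plain, "sent": msg}


if __name__ == "__main__":
    print(demo())
```

The proxy still learns which host was contacted, how often and how many bytes went out, which is exactly the "how much a blank device phones home" measurement that remains available without content visibility.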
Ah. You are saying they would encrypt on top. Sounds inefficient but I guess reasonable if you think about people like the Kazakh government or Korean institutions requiring everyone to add a CA just to live a life. So without extra encryption they could snoop on that too. We can't have nice things...
(It's still possible to compare how much a blank device phones home but perhaps we wouldn't know all the details of what it talks about)