Different threat models. Your typical Android device (and Linux server for that matter, at home or at scale) is not usually running security-sensitive general workloads for multiple tenants in the same OS instance. :-)
I don't think that's right. The threat model for Android for example could well be a malicious third party leveraging a vulnerable app to gain access to your banking app on the same device. There's definitely (meant to be) a security boundary between apps.
These are all security boundaries of a kind, some more effective than others, balancing priorities according to threat model. Running every app on your phone in a hardware virtual machine would be... an expensive choice.