It's because "security" is not a user one, but a security of Google Play Services.

As rooting may tamper the google's telemetry (can we already call it "spying" please).

I think you had the wrong idea on security here, the security is for the device manufacturers benefit to obsolete the hardware and force you to buy a new one not for your benefit. All the data is already being shipped off to where the hell ever for building models of you for advertising and more.

Android does have a meaningfully improved security over typical Linux desktop: the segmentation of data between apps. Imagine what would happen if people run all the proprietary crap they do on a typical Linux box. That's multiple spyware apps with full filesystem access.

Unfortunately, Google also uses it to abuse the user by also segmenting the user's access as well, "protecting" apps from the user, which is an abomination.

The whole security of both Android and iOS is a joke at this point. We know now that plenty of apps/games have proxy services built in, allowing the publisher to monetize their users, by selling proxy services to AI companies. If that can happen, with all the "security" those platforms and store supposedly offer, then I fail to see the point.

We're being prevented from installing and updating software on the devices we own, but Google and Apple will happily approve and sign malware in their stores?

They’re one in the same. You can’t exploit privilege escalation vulnerabilities unless you are vulnerable to them!

Android devices are enraging. ARM in general, why is there never a boot loader?

I have a little Android handheld game device that will allow me to dual boot a Linux from SD quite easily... but why can't I overwrite the existing install? I thought Android was more open and hackable than that.