Letting a US company (under jurisdiction of, say, US Cloud Act, but also unknown administration orders that might come) strictly control the phone for a privacy focused EU citizen (or more broadly, non-US citizen) seems super dangerous.

The requirements are not onerous, it is the basic preemption of monopolist behavior.

Qualifying "random apps" is something that is a true challenge, but that holds regardless of the API being offered — the problem is that Apple saves some programming API only for themselves, instead of introducing acceptable & objective market terms to be met (if deemed unsafe, they could require companies to demonstrate compliance with things like CRA to get access to these APIs).

> Opening up all access to control the phone to some random app the consumer installed seems super dangerous.

Do you never install software on your desktop computer?

Don’t install the app then. Consumer protection at some level means the consumer needs to be informed. I’d rather have a choice than just chow down on whatever the gatekeepers call food.

True hacker spirit here.

"Onerous requirements": users have the right to chose, users have the right to privacy.