This just doesn't work the way you think, this mentality is not just outdated, but dangerous. People who think like that are more subject to "low IQ" attacks than people who accept the fact they are subject to the same "low IQ" attacks that work on everybody. You are overly confident. You can't be 100% alert and suspicious 24/7, around the clock. At some point you are tired, your attention is elsewhere or you are just not up-to-date on the latest techniques that attackers combine with some form of social engineering.

Also no matter how technical you are, it's almost impossible for you to detect zero-click 0days for which you are more vulnerable to than people without root privileges. You running rooted OS actually become easier and less costly target than people without rooted OS.

> Also no matter how technical you are, it's almost impossible for you to detect zero-click 0days for which you are more vulnerable to than people without root privileges. You running rooted OS actually become easier and less costly target than people without rooted OS.

I doubt that user-controlled root access is a significant variable in the face of zero-days; LineageOS+Magisk is more likely to resist attack than vendor ROMs that are lagging security updates by months.

There are technical solutions for this problem, which are banned or delayed by GooGle.

GrapheneOS is very easy to install via https://grapheneos.org/install/web and many non-technical people do it. It's also sold preinstalled on devices. It's very easy to use and not much harder than using regular Android. People often find it to be easier than using a very complex Android UI such as what Samsung typically makes.

Providing app-accessible root compromises the security of the OS even for people not using it since it provides root access to a substantial portion of the OS and provides a way to maintain persistent root access for an attacker. A quick tapjacking vulnerability exploit is all that's required to gain full control over the device with no way to detect or eliminate it. The attacker has root so they control all the user interfaces, etc. and can hide it. They can hide what happened and block an attempt at revoking it. The idea that it only impacts people negatively if they use it poorly is wrong. Using it at all is using it poorly anyway, since the right way to implement anything is not giving root access to an application. App-accessible root access is used as an insecure shortcut to implement features without proper security models where components are given the privileges they need to function and are split up to reduce attack surface.

For example, in Android, there's an isolated netd process with CAP_NET_ADMIN for configuring the network but it can't load eBPF programs itself, only bpfloader which it only does via predefined programs. This avoids a compromise of netd being able to compromise the kernel via eBPF. Similarly, a VPN service app providing features like local filtering and/or an actual VPN does not have CAP_NET_ADMIN or other highly privileged access. User interfaces in the OS configuring firewall functionality and other network configuration do it via netd. A common use of app-accessible root is giving root access to a GUI application to manage firewall rules directly rather than having a tiny privileged component doing it and then the GUI only being given the privilege of configuring rules through that in a structured way. Principle of least privilege, isolation, etc. are basic security concepts violated by this whole approach.

Giving the user root access is not the same as giving apps root access. The user having a root access shell is not nearly as harmful as having apps able to request it.

Apps can and will coerce users into doing things they shouldn't. Root access is inherently not required by someone like a firewall configuration GUI and not the right way for the implementation to be made. That's an example of an insecure implementation leading people to believe it requires giving broad root access to the OS and the app when it's not needed by a well written implementation. It's similar to apps demanding a permission like Contacts and refusing to work without it despite it not being required, which is why GrapheneOS provides Contact Scopes and similar features for overruling the demands from the apps. App accessible root access goes against the Android and GrapheneOS privacy and security approach to an extreme.

This kind of mentality is why malware became such a big issue on Windows. It turned out ignoring security and just relying on the user to not be stupid doesn't work. That mistake shouldn't be made again and there is no reason to artificially restrict the audience of an OS to people who don't have "low IQ."

So, your proposition is to remove their ability to install antivirus software, like Google does in Android?

Users know about this problem and know how to mitigate it. Get out of my way, please.

No, the goal is to move to a system that doesn't rely on badness enumeration (antivirus) as a primary defense. You can rely on the app sandbox and the security model of the system to keep it in check.

Antivirus scanners are essentially useless on modern mobile OSes because they are limited to accessing the same things a malicious app or file would be.