Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
In my experience, the API has iteratively made it ever harder for applications to automatically perform previously easy jobs, and jobs which are trivial under ordinary Linux (e.g. become an access point, set the SSID, set the IP address, set the PSK, start a VPN connection, go into monitor / inject mode, access an USB device, write files to a directory of your choice, install an APK). Now there’s a literal thicket of API calls and declarations to make, before you can do some of these things (and some are forever gone).
The obvious reason is that Google tries to protect a billion inexperienced people from scammers and malware.
But it kills the ability to do non-standard things, and the concept of your device being your own.
And a big problem is that so many apps rely on advertising for its income stream. Spying a little has been legitimized and turned into a business under Android. To maintain control, the operating system then has to be restrictive of apps. Which pisses off developers who have a trusting relationship with their customer and want their apps to have freedom to operate.