> It is built to overcome limitations, not impose them. In this regard, it's a perfect tool for a criminal who wants to circumvent security measures, because these are limitations.

None of those limitations actually provide any security.

In order to use your bank's mobile app, you need your bank login credentials. It does not matter how secure a bank app on your phone is or whether it requires some kind of attestation because the attacker is going to get the victim to type them into a fake app or the attacker's web page which don't require any such thing and aren't even necessarily on the same device. And then it does not matter what kind of device you require the bank app to be installed on, because the attacker will get one of those and use the phished credentials in it.

There is no security value in requiring things that are useless.

> A FOSS OS also assumes that the user values the freedom, and is competent in its technical aspects.

This is not an assumption at all. The user is not required to write their own software or install anything from outside of a trusted repository. The value of the OS to such people is that someone else can write that software, and then as it matures it makes its way into the trusted repository.

But if mere mortals can't do that, if kids need an ID and a credit card in order to learn and experiment and hobbyists hit friction and spend their time on something else, then those things are killed in the cradle and never exist to begin with. And then instead of free software made by the people who wanted to use it, you're left with only apps made by predatory for-profit corporations and scammers that make it into the official store because their scams are profitable.

> It's a bit like driving on public roads. If you want to drive yourself, you have to reveal your identity and obtain a license.

It isn't a public road, it's your own phone.