These services are designed such that security sort of depends on reviewing the programs that are allowed to run. Microsoft, Google and Apple all do this. It adds expense, annoyance, limitations, and really very little security.

The contrasting approach, where one designs a platform that remains secure even if the owner is allowed to run whatever software they like, may be more complex but is overall much better. There aren’t many personal-use systems like this, but systems like AWS take this approach and generally do quite well with it.