Of course, the system for it is rudimentary, and puts a disproportionate amount of control in the hands of providers. And that works very well for them too.
And it is a pretty terrible solution to the problem.
- It is also keeping the good guys outside too: Anyone that want to analyse and understand the security of the system for good reasons cannot. Excepted if explicitly allowed by the corporation X and that is a terrible security property.
- No root access also means very little control or ability to scan the system itself if your are not the X corporation controlling it. That means no possibility to mandate reviewer corporation Y to check that corporation X is doing the right thing. TPMs currently make that even worst by design, they are undocumented and complex, therefore rely on blind trust that company X do the rthe ight thing. And since the Intel management engine fiasco, we do know they are not doing the right thing.
- Bonzi Buddy and toolbar type of problem can be easily avoided by separating properly the normal user account from any admin account(the unix way). It should be painful to be admin but not impossible, just to make sure your grandma do not install a rootkit by mistake when she want her 20% coupon.
In summary: That is mainly bullshit from company X to keep full control on the entire user device, and not for their own good.
Regarding Bonzi Buddy, I disagree. I think user data is as important, if not more important, than root access - which is why I'm dumbfounded when ancient server security features, like Linux's sudo system, are applied to the consumer device like a PC or a smartphone. These contexts are much better server by a sandboxing, permission-based whatever that seems to pick up steam, like the current permission systems on smartphones. Grandma's logins and bank data will be stolen from her own user account just the same as an admin account. Related XKCD[1]
I say let them be. As long as they also have the freedom to remove or not install such software, it's a good thing. Instead we have locked-down devices with the functional equivalent of such unwanted software, protected so that you cannot remove it without somehow getting root.
"Those who give up freedom for security deserve neither."
Do they deserve to not be able to shop online without fear of having their payment information stolen? Or mistyping a URL in their non native language and ending up at a scam website that installs malware? Or simply having a device that comes to a crawl such that they cannot reliably video call their grandkids?
Ugh, except that one goes overboard in the completely opposite direction, and often doesn't let me properly share data between apps even when I want to.
And no, it's not smartphones' faults. Most people just don't "get" desktop OS paradigms, or how web pages work, or any of that, and they don't really care to.
That's because they "won't miss freedom they never had".