My guess is that you're assuming, wrongly, that vendor locked devices are "safe" and unlocked devices are "unsafe".
All computers that are connected to the internet are unsafe in some ways. The most dangerous apps on your computer are the vendor's own built-in web browser and messaging app.
Also, the vendor-controlled software stores are unsafe cesspools. You will never find a more wretched hive of scum and villainy. Moreover, the vendors deliberately make it impossible for you to protect yourself. For example, iOS makes it difficult or impossible to inspect the file system directly, and you can't install software such as Little Snitch on iOS that stops 3rd party apps—as well as 1st party apps!—from phoning home.
In any case, most computers, including Apple computers, have parental controls and the like, so you can lock down your own device to your heart's content if you don't trust yourself, or you don't trust the family member that you're gifting the device.
Today, yes, I can lock down the iPhone I give to my son, but if it can be unlocked to run arbitrary software then he can in theory unlock it. Yes, it is on me to continue to monitor the device to make sure he hasn't done it, but the point stands
And the assumption you refer to, there are varying definitions for "safe". Is a device with a locked bootloader 100% safe in all use cases and all circumstances? Of course not. But me being able to reasonably trust that someone hasn't put a compromised version of the OS on the device, or, won't be able to put a different firmware on the device to brute force my encrypted contents is a bit of safety in a certain set of circumstances that I want in my device
If Apple, or anyone else, were precluded from locking the boot loader yes, I would be forced to buy a device that the FBI or anyone else could in theory poke around on enough to try to get at my data
> Today, yes, I can lock down the iPhone I give to my son, but if it can be unlocked to run arbitrary software then he can in theory unlock it. Yes, it is on me to continue to monitor the device to make sure he hasn't done it, but the point stands
You're scared of the wrong thing. The greater danger isn't arbitrary software but rather your son running up massive App Store charges on IAP of exploitative games and other scams. And if you think Apple will refund you, think again. Locking the device to the crApp Store isn't the solution. To the contrary, the solution is to enable parental controls to prevent access to the crApp Store.
> But me being able to reasonably trust that someone hasn't put a compromised version of the OS on the device, or, won't be able to put a different firmware on the device to brute force my encrypted contents is a bit of safety in a certain set of circumstances that I want in my device
These are possible without vendor lockdown. Devices can be and are designed so that the consumer can lock the device down and prevent modification, etc. Of course you can't constrain yourself, if you have the credentials to unlock the device, but you can constrain everyone else, whether they're children on the one hand or thieves/attackers on the other.
> but if it can be unlocked to run arbitrary software then he can in theory unlock it.
I'm effectively the admin several machines with many users on them. I have root access. I'm not at all concerned that they'll gain root access. Just make yourself admin on your child's phone, I don't see the issue. Apple and Google can even make gaining root access require some technical (but documented) methods. Look at the requirements to gain root on an android phone currently. You should be comfortable going into a terminal and using ADB. I'm not worried about the average user doing this nor even the average smart child. Hell, follow Apple's lead and require a 1hr lockout if you're really concerned about someone getting root on your device. How often will that happen if it requires being connected to a computer for an hour?
My guess is that you're assuming, wrongly, that vendor locked devices are "safe" and unlocked devices are "unsafe".
All computers that are connected to the internet are unsafe in some ways. The most dangerous apps on your computer are the vendor's own built-in web browser and messaging app.
Also, the vendor-controlled software stores are unsafe cesspools. You will never find a more wretched hive of scum and villainy. Moreover, the vendors deliberately make it impossible for you to protect yourself. For example, iOS makes it difficult or impossible to inspect the file system directly, and you can't install software such as Little Snitch on iOS that stops 3rd party apps—as well as 1st party apps!—from phoning home.
In any case, most computers, including Apple computers, have parental controls and the like, so you can lock down your own device to your heart's content if you don't trust yourself, or you don't trust the family member that you're gifting the device.