> I get why

Apart from purely political/commercial reasons, I don't see why.

Sandbox and App Store are mutually exclusive reasons for this situation.

Option A: you have good security architecture, so running arbitrary code is safe because all the data is well-isolated and programs cannot mess with each other's data. There is no need to have humans reviewing apps, apart from optional parental controls that people may opt into.

Option B: you don't have good security, so you need to micro-manage app publication and have ability to revoke them, in case an exploit is discovered.

Also, for a development machine, when you run arbitrary 3rd party open source dependencies, build scripts etc, you really want iPad-like security model where each project lives in its own sandbox. But the Unix permission system is an unusable mess, so even if you put your project in a container, your build script can still push to git repo and do other fun stuff outside build folder.

It is impossible to build a sandbox that protects all user interests if there are no checks and controls.

A sandbox can not protect against things like user tracking or crypto mining and can give no guarantees about what an app is going to do with the private data you are entrusting to it.

Why would it not rely on both ? Why would any security measure not have an additional security measure ? In my opinion there is no such thing as a “good security measure”. There are only security measures that haven’t been broken yet.