Meanwhile I’m from 97 and started with a Gameboy color and Pokémon Red (although admittedly that was around the time Pokémon Ruby for the GBA got released, I just played on hand me downs from a cousin)

With iPhones yeah, but MacOS is not very locked down at all. You can run all the unsigned code you want.

Although you could argue the new Apple Silicon Macs are kind of locked down, since Apple only allows kernel extensions on the older Intel Macs

Yes, this would only be a concern for targeted attacks by state actors, in which case not even buying new would be safe.

Thinking about it, in such a scenario buying used may even be safer

A valid excuse may be that they want to prevent GPS spoofing

Can the user access the app file itself? Not acceptable

This is possible on any Android phone, no root or custom rom required

Time to switch away from Auth I guess. Not even using GrapheneOS cause I have a Samsung phone, but this is not acceptable