But it's not security theater. Sandboxing and strong isolation are among the oldest techniques around for increasing security. iOS has the least malware of any OS. The security measures it contains would appear to be extremely good at keeping out threats that plague many other platforms.
Sandboxing and strong isolation are not mutually exclusive with allowing third-party sources to install apps. If their sandboxing is as good as you say it is, there should be no security threat imposed by allowing other apps on the device. The two should be distinct, separate threat models, but Apple conflates them.
Allowlisting is also one of the best security practices you can implement, because allowlisting significantly reduces the problem space of executables you have to consider (and dangerous executables, if found, can be removed from the allowlist). There's always a chance that a piece of malware which somehow breaks the sandboxing and isolation can find its way onto someone's device; allowlisting greatly mitigates this possibility.
Endpoint security is everyone's problem now, because everyone has one or more always-connected devices. The future of computing is a signed, remotely attested path from power-on to user application code, all checked against an allowlist of approved binaries. For most, this will be a good thing.
> If their sandboxing is as good as you say it is, there should be no security threat imposed by allowing other apps on the device.
No, because it's part of a defense-in-depth strategy. Sandboxing and isolation are meant to catch what app review misses; without app review, people would be attacking those mechanisms directly at a much higher frequency.