The analog to UAC on Android is permissions, which work pretty similarly to ios. You could argue that the user gets used to just clicking agree and that not much is gained for the average user.

Sideloading apps and unlocking the bootloader is much different. It requires the user to actively go through the settings to enable the options, which would only happen if the user knew what they were doing in the first place. And after you try to enable the settings, you are bombarded with warnings before the settings actually apply.

An app can't trick you into flipping these switches. Most of them are actually hidden in developer mode anyway.

I challenge you to prove these have ever been a vector for attack. It's just not practical.

The security lost is zero, and the freedom gained is immense.

There is no evidence that malware is utilizing these vectors to any measurable degree.

If you don't want to control your device, that's fine, but don't spread FUD that carefully design6 user-controllable devices are less secure than closed devices, when the opposite is true in practice. See XCodeghost and others.