There are limits on Android anyway, what your side-loaded apps can do without you using a custom ROM or rooting the device is restricted somewhat.
I’m all for allowing power-users to side loads apps, but average user definitely needs to be thought as a child that will use 1234 as their password, and click ‘ok’ on every pop-up without even reading it.
There is no need for an app store review process to stop apps from requesting the "write to other application's data" entitlement; this can be enforced by the phone itself.
That's what entitlements are, and the App Store review is what ensures you don't have bogus entitlements.
There are entitlements that, for example, control whether or not you can read the user's message database, the entitlement has to exist so that messages app and daemons can access that database. The App Store review process automatically rejects submissions with those, and other similar, entitlements. There are entitlements that allow reading and writing arbitrary data from arbitrary applications, because (for example) there are OS daemons and services that need to read/write all of that data (the settings app can report disk usage, there's the daemons that install and uninstall apps, etc), and again those entitlements are gated by store review.
The entire trust/security model for iOS starts at the store review disallowing system entitlements, and gating even allowed entitlements on appropriate notice in the app description.
You should really read the apple platform security documentation, but to give you an idea of what entitlements exist on the system I found this one for iOS 13: https://gist.github.com/jankais3r/1f839820f83be90d419140a6b8...
Hopefully you can look at that list and get an idea of how removing the gate on applications being able to specify whatever entitlement undermines a huge component of the platform security model.
Also I don't know what you mean by bogus entitlements, if it's not meant to be used by user apps than it wouldn't be available to user apps, if the app needs to have access to a certain feature that required a permission, it would need to ask gently the OS and the OS would need to approve it (maybe even after asking the user), or the app would not simply to be able to access it, so it's in the app's interest to have the permissions laid out correctly so that the OS knows. From the previous message you seem to believe that the app could just simply bypass the dialog asking the user for permission.
The inability of binaries to do malicious things on iOS is the result of the sandboxing and entitlement mechanisms of the platform. The store review and approval process is what stops applications from including entitlements that undermine the platform security. If you remove that step from the process there is nothing stopping an application shipping with the system entitlements that allow the application to read or write to other app data, or the entitlements to talk to system services without prompting permission dialogs, etc.
If you want to remove the review and approval systems that the App Store has (and it sounds like are going to be required for 3rd party stores?) you have to have an answer for that. Otherwise you just end up with the android malware problem.