Apple iOS has shown what corporate IT departments have long known: the only way to make an end-user device secure, is to remove the user's root access and block software installations. Apple iOS has a really good reputation for security. And part of that is because the only way to get software onto it, is via the App Store, which gives Apple the chance to stop malware before it gets onto a phone.
Google Android can be used in the same way. Don't sideload, and your device will be secure. Android has a worse reputation for security - but still far better than consumer Windows PCs. But the attack vector is usually someone being persuaded to install an application from an .APK from a dodgy site. While malware in the Play store does happen, it's not as risky as installing things from outside the store.
It is really sad that the only options are "horribly insecure" or "monopoly control". I really don't like either of those options. I wish we lived in a world where we could have security without monopoly control. But the world we live in isn't perfect. And the people in it aren't perfect either. And it looks like those are the options.
The EU law will change the current balance. It will reduce security, as well as reducing Apple's monopoly control. Anyone who claims otherwise just doesn't understand the Apple security model, or believes users are far less gullible than they have repeatedly been shown to be.
There has, for a long time, been an alternative to Apple that lets you install your own software. That's Android.
My Aunt has an iPhone and (until this law comes into force) I know she can't be tricked into installing malware on it. I have an Android and I could install my own apps on it if I wanted to, but I know enough to make it much less likely I'll fall for the scams. The security decision was made at the point of purchase. I was OK with that.