At the end of the day it is a matter of preference and convenience. Is it safer to separate them? Absolutely. Is it as convenient as keeping them in one place? Absolutely not.
So, pick your poison. Personally, I have my MFA tokens in three separate locations, two self-hosted server applications and in a mobile app (2FAS Auth). More for fallback/backup reasons. Having them in my password manager is just too convenient.
Well, there is in the EU, but that does not help anyone not here.
An unlocked boot loader is something that would have to be forced from Apple’s hands like sideloading was in the EU. No way in hell they would pursue that on their own.
Repairability is a point that bugs me as well; hoping for right-to-repair laws in the EU to force all manufacturers to make the devices better in that regard.
In regards to stock systems, I agree.
Been stuck in the convenient ecosystem for a while, and I cope by telling myself Apple makes the bulk of its money with hardware and services. Not ads like Google. But if I were to start over from zero, I think GrapheneOS and Linux would be the way. But migrating the whole family away from our current Apple lineup - I dread that challenge.
Yeah, same with forcing ISPs to save connection data on all users long term. European court slapped on the hands a couple of times, still not done. Like some kind of undead policy.