A truly general-purpose system must either be able to run unsigned code, or allow any program to sign code. The reason is simple: a general-purpose system must be suitable for software development, and build tools expect to be able to generate code and immediately run it. The last piece of software that touches the executable before it runs is the linker, and if the linker will blindly sign anything it links, one might as well not have code signing at all.

There very much are cases where it is not necessary to dynamically generate code at runtime, but systems that forbid runtime code generation are not general-purpose anymore. To be clear, “you must sign and install an APK” doesn’t count, unless there is a way to make the linker do it transparently. Even this will fail in projects that use custom toolchains.

Stuff like this is what killed Termux. By forbidding applications to execute code they just created, Android made it impossible to perform on-device software development outside of a (system or language) VM. Yes, most applications don’t need to dynamically generate code and should not be allowed to do it, but not making an exception for apps like Termux should have waited until there was a VM-based alternative.

@alwayscurious

Got root?

If you do not, you are not in control.

@SpaceLifeForm @alwayscurious and on some systems even that is not enough…