> I would like there to be a process similar to disabling System Integrity Protection on macOS, which requires booting into recovery mode. From there you can gain kernel access and inspect whatever processes you want.
The biggest concern I'd have with this would be that it would almost certainly be abused to install undetectable surveillance software on devices, e.g. by a partner in an abusive relationship, or by overbearing parents on a child's device.
When you unlock the bootloader of an Android phone, Android (A) deletes all existing data on the device and (B) adds a big, red warning message to the startup screen. They're simple mitigations, but I have trouble imagining how someone in e.g. an abusive relationship wouldn't notice these changes.
Is it perfect? No, but everything in life is a tradeoff. And not being able to study our own devices is a big problem too.
That can be dealt with though. Could be like Safe Mode in Windows was/used to be, where your wallpaper gets replaced by text saying you're in unprotected mode.
That could easily be disabled, though. The whole point of this mode is to allow users to tamper with the device, after all; it would be difficult to stop users from tampering with code which checked whether the device was in that mode.