Well they could prohibit it if they wanted. They could even require that apps provide a method to inspect traffic. They never will though, because cert pinning is good for security, and any user-accessible method to access secrets becomes a target for phishing or other social engineering.
That would certainly be the day I go "what the heck, Apple/Google." They could certainly try and prohibit it, but I don't think the backlash would bode well for them, and we'd only see people obfuscating their traffic even more.
