Lock the system -> get sued (or at least abused) for locking out third-party utility writers. Leave the system open for extension -> poorly written apps by others ruin your reputation. Add telemetry to detect what third parties are doing -> privacy complaints.
Microsoft got in trouble for having double standards in their locks, not for having locks at all.
The complaints I see for Apple generally revolve around not letting normal programs run. Also the way they crippled their firewall settings and gave certain processes a special bypass.
But honestly that's pretty beside the issue here. Programs should be able to interact with icons, but it needs to be sandboxed.
There's no winning here.