Lots of things run android, but I can't imagine a worse place to host something you want private than on a cell phone where you don't have root but an unknown number of other people do who are capable of accessing and modifying the device at any time, in any way, without any notice whatsoever to you.
Your criticism is fair, however, not everyone keeps their Android phones configured thus. A growing minority of users--whom are the target audience of software like this, I suspect--maintain sole root access over their phone, or otherwise restrict privileged access from other software on the device. There do exist Android devices where no-one but the user have control, even without custom roms or 3rd parties at play. (Firmware is a separate issue, but that goes well beyond smartphones, and even then some phones perform hardware isolation by way of iommu.)
But aside from this, hidden services aren't exclusively used for the clandestine nor the malicious. It's a way of port forwarding on any network, even through a NAT, while also anonymizing traffic on both ends, for free. That functionality alone goes well beyond the purpose of simply hiding data. See Briar[0] for a particularly well-executed example of this.
Lots of things run android, but I can't imagine a worse place to host something you want private than on a cell phone where you don't have root but an unknown number of other people do who are capable of accessing and modifying the device at any time, in any way, without any notice whatsoever to you.
Your criticism is fair, however, not everyone keeps their Android phones configured thus. A growing minority of users--whom are the target audience of software like this, I suspect--maintain sole root access over their phone, or otherwise restrict privileged access from other software on the device. There do exist Android devices where no-one but the user have control, even without custom roms or 3rd parties at play. (Firmware is a separate issue, but that goes well beyond smartphones, and even then some phones perform hardware isolation by way of iommu.)
But aside from this, hidden services aren't exclusively used for the clandestine nor the malicious. It's a way of port forwarding on any network, even through a NAT, while also anonymizing traffic on both ends, for free. That functionality alone goes well beyond the purpose of simply hiding data. See Briar[0] for a particularly well-executed example of this.
[0]: https://briarproject.org/