The Android security model strictly forbids it. This should be enough of a problem as it is the very foundation to establish security for the system's user.
I don't know enough about the Android security model to evaluate what you're saying. What parts of the Android security model does F-Droid violate? Is there a spec or description of the Android security model anywhere that I can read?
There's a paper by several Google employees describing it. I haven't read it, just skimmed and searched keywords, but near as I can tell it doesn't mention anything like what the OP thinks it does:
