Look for example at password rules.

Rules restricting the range of passwords that may be used in an arbitrary fashion can markedly decrease the search space for an attacker.

A strict rule count by itself is neither good nor bad. Well, arguably, it's bad, as it increases system complexity, side effects, loopholes, and trains users to thwart restrictions. Ideally you want a small number of sane rules (mostly based on role and access), tightly implemented, with strong auditability.

Going back to passwords: the simple check of denying the use of any known password (there are collections of millions now from various site compromises) would be an audit check, not strictly a rule, though it might result in a rule of "known passwords will be denied".

It's less a matter of security and more a matter of consistency. MS's/Apple's rules are geared towards ensuring apps don't affect battery consumption too wildly while in the background. Android has no such restriction, and any app you have installed can decrease your battery life significantly even if you do not open it.

The advantage of this, of course, is platform flexibility. The disadvantage is inconsistent app behavior (battery is drained by background apps).

Semantics. The strictness of a security model says little about the security of a security model, especially when comparing different security models. (And not all security is wrapped up in a security model either! I wouldn't trust an Android or iPhone conversation to remain private, fortunately there's PGP.)

These restrictions are not about security. They are about power consumption.

A strictly less strict model implies ≤ security (someone might try to argue there are some paradoxical cases where it's >).