
I agree. Cert pinning is fine but there should be an option to disable it (maybe system-wide) for people who want to analyze traffic.



Disabling system-wide is pretty much impossible. If OSes added such a toggle, people would start using their own SSL stack and overall security would suffer (because people won't be keeping their SSL stacks up to date).


This is already a reality. There are at least 5 banking apps I can think of that statically link OpenSSL and use that instead of OS crypto.


That would pretty much beat the purpose; the author of the app doesn't want anyone to snoop.


Data generated on my phone belongs to me. By definition I cannot snoop on myself.


That's what you'd like to think, but the numerous terms & conditions that you've agreed to for your apps mean that you're wrong; some data isn't yours.


No, it really doesn't. Terms of service are only legally binding within the law and the EU has already ruled that reverse engineering software on your own device is just fine.

So I'll happily keep on ignoring those tldrs.


OK, then how do we separate the data that is his versus data that belongs to someone else? Maybe we would have to look at what is being sent from the app?


Who knows? The two things are unrelated. My comment wasn't anti-reverse engineering, just stating a fact: just because something is in your phone doesn't mean it's yours.


The parent stated "Data generated on my phone belongs to me."

I interpreted this as "Data generated by me on my phone belongs to me."

The user could agree to license her rights to the data, e.g. via terms and conditions. But it's still her data. That's why the agreement is necessary.

None of this has anything to do with "reverse engineering".

The scenario I am thinking of is a user looking at her data being sent from her hardware over an internet connection that she is paying for.


Except you can with a jailbroken phone. Never trust the client, ever.



