Doesn't android use RNDIS for USB tethering? IMO this is the main reason why USB tethering doesn' work with macOS.

This is going to prevent the use of many USB modems and tethering from the overwhelmingly vast majority of Android phones.

As it stands, currently the only phones that don't use RNDIS and instead use CDC NCM are the Pixel 6 and 7 lines of phones.
Android hasn't "had this disabled for many years", there are "real systems" that rely on RNDIS: it's over 99% of Android devices.
It's still the protocol chosen by vendors as it's the lowest common denominator. The Android developers haven't made any moves to remove or revise supported configurations so devices that are launching with Android 14 can still only implement RNDIS.

My question is still the same as when the patch first hit the mailing list, what vulnerability is there that is so catastrophic the only solution is to slowly remove support for it while the ones still implementing it are left in the dark.
Is it not possible to add the ability to not initialize the driver and USB interface if the device has not been trusted for that session? If it's going to be drummed on about untrusted devices being a vulnerability then why does the USB subsystem automatically trust them.

And there still has been no response to the issues or questions brought up by the sole person that NACKed the patch, the Google network developer. If it's going to be forced through anyway then why were the incorrect statements not removed or revised.

In the end distributions are still going to be building kernels with it, as plenty of users rely on it as the sole method of internet connection.

"This is going to prevent the use of many USB modems and tethering from the overwhelmingly vast majority of Android phones."

Based on the following, quoted in the article, I would say no.
​
"Greg Kroah-Hartman on Monday created the usb.git rndis-removal branch where he is disabling all the RNDIS protocol drivers.
.....
​

Doesn't mean vendors aren't enabling it on their releases.

Isn't it up to we the people to decide to use it or not? What if we're not using it in an environment with untrusted devices?

Well, Android or their distributors can always distropatch the support in as needed. But that makes clear that they are those with the obligation to support that.
If something is not supported or maintained in the kernel, it should not be in the kernel.

You need rndis on both Android and the Linux PC for tethering to be successful. Android handset distributors patching rndis into their kernels does jack.

Let's see your reaction when your Android phone will no longer tether to your Linux PC because rndis is removed from the kernel.

... waiting for a rust or microsoft developer to post, "So buy a new phone."

Uh, what? I don't like it but I haven't seen a phone that doesn't use this for tethering. I don't need another thing I need to patch into my kernel.