They are pre-placed on an Android phone by Google, as if every user “may” need them at some point. They are from entities all over the world.
The FCC should make the practice illegal.
Android can change to operate such that the user is asked if they want to load a certain certificate, when and if the user’s use of the phone encounters some cause to ask for it.
The user should have the clear option of saying no, informed only that saying no may affect just something they are trying to do at the moment, and nothing more.