This is due to how Java handles keystores, so it’s not an Android-specific issue. The reason, though, is that access to a store, such as adding/viewing trust relationships, is a separate task from creating and signing keys/certs.
In short, you may trust someone to view/update your keystore but not to sign things with a key you store in the keystore. Plus, keys could be stored in multiple keystores and you want your keys locked down individually.
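
The separation described above, shown with the Java `KeyStore` API as an added example that is not part of the original answer. The JCEKS store type, the alias and both passwords are assumptions, chosen so the example can hold a key without needing a certificate:

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collections;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class TwoPasswordsDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample values; real passwords never belong in source code.
        char[] storePass = "store-pass-example".toCharArray();
        char[] keyPass = "key-pass-example".toCharArray();

        // Create an in-memory store holding one key protected by its own password.
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        SecretKey secret = gen.generateKey();
        KeyStore ks = KeyStore.getInstance("JCEKS"); // assumption: any type with per-entry passwords
        ks.load(null, null);
        ks.setKeyEntry("demo-key", secret, keyPass, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass); // the store password covers the store as a whole

        // Someone who knows only the store password can open the store and list entries...
        KeyStore opened = KeyStore.getInstance("JCEKS");
        opened.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        System.out.println("Aliases visible: " + Collections.list(opened.aliases()));

        // ...but cannot recover the key with it.
        try {
            opened.getKey("demo-key", storePass);
            System.out.println("Unexpected: key recovered with the store password");
        } catch (UnrecoverableKeyException e) {
            System.out.println("Store password does not unlock the key");
        }

        // Only the per-key password releases the key material.
        Key recovered = opened.getKey("demo-key", keyPass);
        System.out.println("Key password unlocks the key: "
                + Arrays.equals(recovered.getEncoded(), secret.getEncoded()));
    }
}
```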