Why is there a redirect to the native app in PKCE?

Why even have a redirect? Wouldn’t just a normal TLS/HTTPS request/response protect the requests and token?

The one argument I have heard against TLS is that there could be an app that acts as a proxy and presents its own cert on the phone. But if that is the case, how would this be different from a normal desktop app?

To me it seems like PKCE is protecting against a compromised device. I would assume if native requires PKCE then desktop apps (non-browser) would also require PKCE.