Comment by pbmonster
4 days ago
> You download a picture in a browser, crop it in a photo editor and attach it to an email. All three apps need access to the same picture. Your backup app needs access to everything.
On Android, each of those three apps would ask you for file system permissions on first launch. Your choices are "full access to user files", "limited access" (usually one directory and all its sub-directories), "full access, but only this time", and "no access".
Both the "save file as" and the "open file" dialog only show directories the app can access, and have a button at the top that reads something like "change storage scope" or "allow more access".
The system even has options where apps can request access to e.g. all photo/video/media directories - the photo editor would probably request only those to begin with.
Also, apps can pretty much never access each others config/keys/etc files - which they never should. If they need to communicate with each other, they're supposed to use interfaces like the Content Provider, Intents or Bound Services.
I think it's pretty well designed.
> On Android, each of those three apps would ask you for file system permissions on first launch. Your choices are "full access to user files", "limited access" (usually one directory and all its sub-directories), "full access, but only this time", and "no access".
Which isn't completely useless, but in most cases the only thing you really want is "full access" or "I don't actually trust this thing" -- and most users aren't going to comprehend the difference between more fine-grained alternatives anyway -- and then you're basically looking at the distinction between normal trusted apps and something you run in a container.
> Also, apps can pretty much never access each others config/keys/etc files - which they never should.
And that's the problem, because the backup app is supposed to be able to back up everything, a malware scanner can't have potentially malicious apps hiding something from it, etc.