[amelius]

I don't think that's the solution because apps may easily "bribe" the user into giving the app more access than it strictly needs. The bribing goes like: "sorry, but if you don't give me full access, then you can't use me". Simple, but very effective in most cases.

A better solution (imho) is to make the app think it has access, while in reality its access is limited to a sandbox.

[scarface74]

That’s still a problem with the OS. Why does any app need access to the file system instead of the users photo library or access to certain files in a document store where the app only has read access to files that the user explicitly chooses in a system provided file picker or can write files to a location that the user chooses?