[TeMPOraL]

> Why would it need to access storage outside of its own sandbox?

To allow you to send and receive attachments.

Name any one permission, I'm pretty sure I'll find a reasonable case for it to be used in a messenger app.

However, a pretty strong case can be made that current permissions allow for way too much. For instance, I should be able to send attachment by picking them through another (OS or third-party) file picker, so that the app only gets temporary, read-only access to the selected file. Similarly, for saving attachments the app needs only a virtualized location with write access.

[nothrabannosir]

Is it the responsibility of the app to display the file browser? I’m not an app developer but I’d expected you could essentially call “osGiveMeAFile(constraints...)”, and it would pop up a native file picker dialog without your app ever having access to the full FS?

Then again I wouldn’t be surprised if google had botched this. They did it wrong for Google Drive apps, and as a result any app that wants to do something as outlandish as, say, opening a file requires read access to all files on your entire google drive, just to display a file picker.

Sometimes I wonder if anyone at Google actually thinks about these things, like, at all. How does this happen? What are those meetings like? Surely someone noticed? Ho do they think about “trust”? It never ceases to amaze me.

[TeMPOraL]

I agree. IMO, what should happen is: the app request for file(s), an isolated (as in, separate sandbox) file picker is shown to select those files, and only stream handles + metadata (size, file name without path) is returned.

[scarface74]

The app still shouldn’t need access to the entire file system. The app should be able to launch a file browser, the user chooses a file and the OS gives it acccess to only that file or set of files.

[TeMPOraL]

Yeah, I agree.

Really, the problem is that all of that gets ridiculously complicated for an average smartphone users, which makes it trivial for app developers to "bribe" users by having the app essentially tell "give us permissions or else it won't work".

I'm all for aggressively delisting applications that refuse to work when non-essential permissions were not given. Something like PlayStore GDPR, only for permissions.

[scarface74]

For instance, I should be able to send attachment by picking them through another (OS or third-party) file picker

The native file picker on iOS works with iCloud and third party storage providers like Dropbox, OneDrive, Google Drive, and Box. Any storage provider can integrate with it including apps that store everything locally.