[mrbungie]

I think it's a good design decision that just lacks control during the app review process.

There are apps that need full access to your photo gallery to be really useful (i.e. where limited pool of photos may have little sense in those contexts), photo deduplication apps being a case on point. At least that piece of information gives the app a chance to tell the user that it may not work as expected.

Now, if an app misbehaves based on photo sharing permissions (i.e. Google Photos not being able to work), that is a decision that the product team took. They're the ones responsible and that should be judged.

If anything there should be tighter controls during the app review process on how those apps use that info and avoid the ones that only work when sharing the full gallery.

[never_inline]

I am the user, and if I allow only Screenshot and Whatsapp images folder to be accessed by your deduplication app, I want it to work on these 2 folders only, without accessing my camera. Same for lets say backup app.

[mrbungie]

Yeah sure, that's what should happen. I'm not saying otherwise, read the comment again.

[hakre]

YMMV, but IMHO it is preferable that the fundamental execution model of the app stays in control of the app-executing user and should not be affected or be dependent on the app review process. Rationale is to prevent single point of failures, especially those that are out of control of the user (compare with the emergency off switch on some bigger machinery).