Well, no matter how I trust my photo editing app, it has no business accessing my thesis documents. Proper filesystem sandboxing does security properly.
The file picker API is there to allow apps to access and save files with the user’s consent, while bot having any filesystem access. So a properly sandboxed app would be able to open, edit, and save files wherever the user wants, while not having access to any other irrelevant files, such as your .bashrc or memes folder.
Does it have to be sandboxed?
An app should not be able to access stuff the user did not consent to letting access.
deleted by creator
Even if I trust the app, it may have security bugs. Still better to have it sandboxed.
Well, no matter how I trust my photo editing app, it has no business accessing my thesis documents. Proper filesystem sandboxing does security properly.
Software supply chain attacks exist, you know?
I would argue this is only for apps you CAN trust. Bad actors gonna act badly.
Isn’t that what file system permissions are for?
The file picker API is there to allow apps to access and save files with the user’s consent, while bot having any filesystem access. So a properly sandboxed app would be able to open, edit, and save files wherever the user wants, while not having access to any other irrelevant files, such as your .bashrc or memes folder.