The file picker API is there to allow apps to access and save files with the user’s consent, while bot having any filesystem access. So a properly sandboxed app would be able to open, edit, and save files wherever the user wants, while not having access to any other irrelevant files, such as your .bashrc or memes folder.
Well, no matter how I trust my photo editing app, it has no business accessing my thesis documents. Proper filesystem sandboxing does security properly.
Does it have to be sandboxed?
An app should not be able to access stuff the user did not consent to letting access.
Isn’t that what file system permissions are for?
The file picker API is there to allow apps to access and save files with the user’s consent, while bot having any filesystem access. So a properly sandboxed app would be able to open, edit, and save files wherever the user wants, while not having access to any other irrelevant files, such as your .bashrc or memes folder.
deleted by creator
Even if I trust the app, it may have security bugs. Still better to have it sandboxed.
Software supply chain attacks exist, you know?
Well, no matter how I trust my photo editing app, it has no business accessing my thesis documents. Proper filesystem sandboxing does security properly.
I would argue this is only for apps you CAN trust. Bad actors gonna act badly.