So question would be as an app dev how would someone protect their apps config/priv-data/any info if the ecosystem is open to all apps from that user.
Why would an a app doing this be a good thing? Examples? It isn't what I'm used to so I don't understand the benefits yet.
Why is that good thing, more important, than the user being able to say "I want to be able to access that data with X"?
Is there a model which works like this? I'm not expert, but AFAIK Android etc Apps store data in the file system, accessible to a all.
An Android App doesn't have exclusive access does it - except perhaps for certain privileged software? Google Play perhaps (?) - which then has the ability to restrict what the user can do with their data and their device (hence the need to root your phone to install certain stuff).
I am not saying that giving apps that ability is a bad thing, but trying to understand why it might be a good thing.
And, if you want to further elaborate, why it is a bad thing to turn the permissions model the other way up and have the user decide which App can access which data (which is I think what we are used to and expect).
SAFE Demo App
As an example: the decision by some developers to sandbox the the files uploaded by the SAFE Demo App, rather than create them in a sub directory of Drive, was not what I as a user expected or wanted. Letting the user decide which other Apps can access those files would have avoided that wrong expectation on my part, and ensured I could do what I wanted with the files it uploaded. @DavidMtl would also not have implemented his App impersonation feature in SafeEditor!
It would be more intuitive to me to have different top level directories with different levels of security. For example: perhaps I could set each top level directory to one of:
- accessible to any app
- ask before granting first access, but remember this authorisation until I explicitly revoke it
- ask before granting access, and revoke access on certain conditions (system restart, time based expiry etc)
These could be further refined to allow read only, or read write, in each category above.
This mechanism would also have a similar UI/UX for the user when sharing files with individuals - so something learned in one context, easily understood and applied in another.
In fact, maybe Apps could be treated just like other users and the same UI used for file sharing, and control of application data access?