Logging and open source have nothing to do with security.
Why should people publish their code? How would you enforce it? If you can’t enforce it, what’s the point?
It’s possible without open source. The Safe Browser could log API calls but, if you had control of the OS, you could also just run the apps through strace/ltrace or similar and have a full log of everything they do. Would it help though?
For one, do you have any idea how much data those logs would be? Where would they be stored? Would you put up with the performance hit?
Who would want to go over “every command and every operation” their device executed? Who would have the time even if they wanted to? Going through the logs takes a lot more time than generating them, so you’d have about 5 minutes of action and the rest of the day would be spent on the logs.
So, is it either security or privacy now?
Those are just the minor problems with the idea.
There are many things that shouldn’t happen at all, not just shouldn’t happen unnoticed. If a bad app on a girl’s phone takes pictures of her and they end up on a bad site, she will learn about it with or without the log files eventually. Will it help her?
No, the only sensible approach to security is the principle of least privilege. Firstly, it’s unacceptable for an app to have access to anything it’s not explicitly authorized for. Secondly, no app should be authorized for anything that isn’t necessary for its functioning.
The question is not if it will be “too inconvenient” or other bullshit like that but how to make it happen without making it too inconvenient. It’s the Safe Network, after all. What’s the point of a rock-solid foundation if we plan to build sandcastles on top of it???