I'd worry that translating this to an end-user-relevant concept of security would lead to a lot of scares, though.
Probe all the files in a directory to see which ones are “yours”: “What? Why is it accessing all the files? So suspicious!”
Require a specific name pattern or something: “I never have to remember to do this on the other apps…”
There's a lot of these tradeoffs that in human life are resolved through reference to all sorts of subtle human things that the machine knows not of. We're at this liminal point where “app” software is given a bare form of “agency” from a social perspective as an extension of its developer, but it doesn't have the intelligence to negotiate over it much (and I think that's behind some of the model-simplification pressure that's encouraged heavy vertical integration).
Probe all the files in a directory to see which ones are “yours”: “What? Why is it accessing all the files? So suspicious!”
Require a specific name pattern or something: “I never have to remember to do this on the other apps…”
There's a lot of these tradeoffs that in human life are resolved through reference to all sorts of subtle human things that the machine knows not of. We're at this liminal point where “app” software is given a bare form of “agency” from a social perspective as an extension of its developer, but it doesn't have the intelligence to negotiate over it much (and I think that's behind some of the model-simplification pressure that's encouraged heavy vertical integration).