Right, so there are few layers to this, and lots of them involve the system not following the principle of least authority. For example:
- If you're just taking a photo and need to save it, why does the app need access to all your photos? Surely an append-only capability would be sufficient.
- This depends on the app, but if you're just taking a photo why does the app need internet access? If the app is a typical camera app, it sure doesn't - you might often want to pass the data to an app that does (via e.g. a share sheet) but in general the camera app itself has no need to reach out to the internet. (And if it does, does it really need to be unrestricted access to the internet?)
- Why is it so easy for apps to request access to everything and so hard for the user to say "no, actually you only get to see this"? (iOS has been improving this lately but it's still a pretty rare feature.)
But yes also as you allude to, it's not obvious to the user what access a program has after it's been granted.
- If you're just taking a photo and need to save it, why does the app need access to all your photos? Surely an append-only capability would be sufficient.
- This depends on the app, but if you're just taking a photo why does the app need internet access? If the app is a typical camera app, it sure doesn't - you might often want to pass the data to an app that does (via e.g. a share sheet) but in general the camera app itself has no need to reach out to the internet. (And if it does, does it really need to be unrestricted access to the internet?)
- Why is it so easy for apps to request access to everything and so hard for the user to say "no, actually you only get to see this"? (iOS has been improving this lately but it's still a pretty rare feature.)
But yes also as you allude to, it's not obvious to the user what access a program has after it's been granted.