> Unfortunately, the nature of the world is such that if you allow users to control sandboxing, the next wave of attacks will come from applications that kindly ask users to disable the sandbox because of $reasons.
You can make the best locks in the world and it's all for nothing if every time an attacker knocks on the door the user opens it up and lets them in, but the solution can't be to weld shut every door.
Security commonly fails at UX. We could do better.
But at some point, if you ask the user "should this app access your private information" and the user says yes, that's what needs to happen, and the user needs to learn when to say no.
You can make the best locks in the world and it's all for nothing if every time an attacker knocks on the door the user opens it up and lets them in, but the solution can't be to weld shut every door.
Security commonly fails at UX. We could do better.
But at some point, if you ask the user "should this app access your private information" and the user says yes, that's what needs to happen, and the user needs to learn when to say no.