Yeah, sure complete access to all files is rediculous. I think more of something like: By default every app has its own directory and the user can (easily) grant an app access to additional directories.
That way it can't do much damage and when you trust it, you can give it more access.
I use the localStorage as a cache for some of the offline capabilites but as a persistent storage it sucks as you can't easily open the stored "files" with other programms or PWAs.
The private directories is the way Android does it. It is a good idea, provided you can easily allow access to other directories (as you suggested). Unfortunately they missed that second point.
That way it can't do much damage and when you trust it, you can give it more access.
I use the localStorage as a cache for some of the offline capabilites but as a persistent storage it sucks as you can't easily open the stored "files" with other programms or PWAs.