>Apps pretty much uniformly either silently get read access to all your files
This is outdated information. The situation has improved since the publishing of flatkill with flathub loudly warning about permissions and less apps having full R/W access.
Android apps can be configured insecurely too although less severe, still it's the users responsibility to check and modify permission.
In either case it's a substantial improvement from no isolation at all with much easier handling than other sanbox tools or MACs.
This is outdated information. The situation has improved since the publishing of flatkill with flathub loudly warning about permissions and less apps having full R/W access.
Android apps can be configured insecurely too although less severe, still it's the users responsibility to check and modify permission.
In either case it's a substantial improvement from no isolation at all with much easier handling than other sanbox tools or MACs.