All that looks good on paper, but a lot of apps require full disk access and can easily run in the background, so how "trustable" can that really be in practice?
With iOS at least I know that apps really are sandboxed and cannot access anything unless I grant permission. No app can ever attempt to access my photos unless I explicitly pick a photo or grant partial/total access. Even then it's read-only or "write with confirmation, every time"
Well both of your complaints were already addressed. Android introduced the scoped storage system to remove and fix abuse of "full" disk access, and they also added the foreground notification system which forces a system notification to be displayed if any app is doing work in the background, so that you know about.
Right, but if the average real-world Android experience lags behind say iOS in terms of security, then the point, even if outdated, still serves to disprove the parent’s premise that AOSP is the most secure.
On GrapheneOS you can choose specifc storage scopes, even if the app is requesting full user storage access.
And you can deny the file access permission like any normal permission, most modern apps request music or videos and photos, rarley an app requests full file access.
With iOS at least I know that apps really are sandboxed and cannot access anything unless I grant permission. No app can ever attempt to access my photos unless I explicitly pick a photo or grant partial/total access. Even then it's read-only or "write with confirmation, every time"