Not sure how good bubblewrap is, to my knowledge it only refuses unprivileged actions and doesn’t really have a way of “negotiation” between the sandbox and the app running. I do know that flatpak does have this option for at least the file picker dialog, which is a good direction, but ideally the mobile OS’s permission system should be adapted in some way.
My gripe with flatpak is that it mixes up a (imo bad) way of packaging with sandboxing.
My gripe with flatpak is that it mixes up a (imo bad) way of packaging with sandboxing.