Flatpak and Snaps are built to solve this. They do conflict with some expectations from users to be able to play around with things, though, so they do not have the penetration one might want.

They only cover the user-facing app part of the story. The rest of the system needs isolation and safeguards, too, including things like the desktop environment and whatever random daemon.

A solution that's integral to the system and not just loosely taped on is required.

Flatpak provides very weak sandboxing compared to android. It was more about packaging and distribution than security.