> Firstly if an app does want a space that’s filesystem shape but does not want users/apps to have access for security or consistency reasons ( think Spotify offline storage of songs ).

Then they should not store anything on user's device.

> Secondly if the user has access they can do the “easy” thing and just throw lots of files in, including things which are sensitive anyway.

OS could add a warning when copying the files into the folder.

> It’s interesting to look at how Android and iOS have handled filesystem sandboxing in relation to this.

Many apps on Android request "media access" which allows accessing all user files.