In the near future (Android 11), App developers are only going to be allowed full access to their App specific directory. MIT have already started to make AI2 compliant, it's a Google Security Measure.
How far this is going to go in terms of read/write/create elsewhere on the device I do not know, but sounds like it will be at the severe end of harsh.