There are endless good reasons for an app to request access to the SD card, so I would say it's still very reasonable to trick anybody into accepting it.
The idea of handling the SD card has a global shared filesystem that totally bypasses the application sandbox is a security disaster from the get go. Fortunately, SD cards are on the way out, and Google doesn't even bother to fix it at the system level since they're dropping it anyway at some point.
The idea of handling the SD card has a global shared filesystem that totally bypasses the application sandbox is a security disaster from the get go. Fortunately, SD cards are on the way out, and Google doesn't even bother to fix it at the system level since they're dropping it anyway at some point.