Makkaveev discovered that not all app developers, not even Google employees or certain smartphone manufacturers, follow the advice. Makkaveev demonstrated exploitation of the vulnerability in Google Translate, Yandex.Translate, Google Voice Typing, and Google Text-to-Speech, as well as system applications by LG and the Xiaomi browser.
Google researchers recently discovered that the same Man-in-the-Disk attack can be applied to the Android version of the popular game Fortnite.
And so they acted immediately.
Apart from that I don't even see the particular complexity to sandboxing filesystem access? Is it just that Android doesn't do finegraining here?