Thanks for the info. I agree that knowing what an app can't do would be very useful.
And I think there should be a notion of "secure/private/encrypted storage". So when I tell an app to store some item there, I can be absolutely certain that no other app will ever be able to access it, regardless of any permissions.
Every app has its own protected storage space, but that's historically often been quite restricted in size. This is where things like SQLite databases are usually stored. It's also (pretty much by definition) not accessible using a file manager and it's much more difficult to share data from it, so it's not appropriate for music or pictures.
And I think there should be a notion of "secure/private/encrypted storage". So when I tell an app to store some item there, I can be absolutely certain that no other app will ever be able to access it, regardless of any permissions.