iOS only allows writing in your sandbox container. There is no user-facing filesystem of any kind, documents are moved from apps through explicit sharing only.
Android’s the same, except not, but it really is. At issue is the SD card, which you can request access to using the WRITE_EXTERNAL_STORAGE permission, which is a free-for-all. Google has been clamping down on this since Android 3.x, where non-primary SD cards (on most phones, the external SD card is non-primary for stupid reasons) require WRITE_MEDIA_STORAGE, which is a Google/OEM-only permission. 4.4 gives auto-generated sandbox container permissions on the SD card and a proper file picker, obsoleting the use of either permission for everything but file managers (which are pretty much screwed on 4.4 devices that follow the WRITE_MEDIA_STORAGE restriction).
Windows is a desktop operating system and thus does not sandbox filesystem access. Modern UI applications on Windows 8, however, are sandboxed, but there’s a sandboxed file picker that grants access to user files. However, most productivity applications on Windows don’t use Modern UI anyway, primarily because secure file pickers hamper their primary use case.
And, on broader points raised in this thread, I would like to point out that it’s fairly difficult to have productivity applications on platforms with no generic file storage. For work apps to, well, work, they need to be able to:
- Pick files from a user-facing filesystem
- Write to picked files arbitrarily, for the length of the user session
- Not be restricted to only picking files the application originated
Notably, you could have a permission-granting file picker ala Android 4.4 and Modern UI Windows.
The tricky part is documents that span multiple files. OSX is a prime offender as they encourage directory hives as a standard way to segregate multiple types of data present in a document, and just structure all the UI to pretend that the documents are actually single files. Also, you have file formats that allow other data to be embedded by linked paths, e.g. a 3D modeler which allows pulling assets from other files. I’m not sure how to handle either usecase as it would require making the user approve opening potentially hundreds of unique file paths every time they want to work with a document, quickly turning into a “mother may I” situation.
Given that the implied use-case is productivity apps I don’t know how to provide these functionalities in ways which are both secure and don’t pose UX issues. In any case, we should not be giving web applications full-disk access.