Apps are a different thing since even if you sideload apps, one app can’t insert itself in to another app to scrape your data. While extensions are almost like kernel extensions that can do just about anything.

The naivety of innocence is rather blissful, isn't it?

Care to provide an example of an ios app which can read the data from other apps when they shouldn't?

1. Android and iOS sandbox applications. But if I grant permission, a mobile app can read files from my photos, or documents, SD card on Android, etc. folders. I can even ship a mobile Safari extension on iOS.

2. Desktop platforms do not universally sandbox applications (though they are trying). You can install a desktop app that steals all the data in your home directory, including your entire browsing history, with no permission dialog whatsoever.

3. That aside, browsers sandbox extensions just like mobile applications. One extension cannot access another extension's data.

4. Furthermore, by default, a browser extension can only access content from its own origin. It is in fact sandboxed from the rest of the sites you visit.

5. If the user grants permission, a browser extension may access other sites.

So in short, browser extensions are in fact sandboxed.

And your idea of mobile apps accessing data is entirely dependent on the qualifier "when they shouldn't", which, arguably if given permission, they should so it's a moot point.

The shared data on ios and android isnt all that important. Sure, you might not want a random app to read your photos, but it's not getting access to your bank session token. And these days you can grant apps to only specific photos.

The vast majority of extensions require the ability to read and modify the dom on any website to do anything. This is so much worse than the average app permissions.

An extension can read another origin’s secure cookies? That’s news to me.

I don't think it goes that far but a while ago the Twitter app was somehow polling for registered request handlers and discovering what other apps were installed. Not their data, but their presence, to profile their own users.

But the idea of the app isolation is just that — apps should not be able to touch each other.

There are of course escape hatches, because sometimes you want apps to interact.

Extensions cannot touch each other. They also can't touch other websites without an escape hatch, because sometimes you want your password manager to modify the DOM and fill in your password for you.

extensions have to touch other websites to be useful

Not all of them. Momentum is one of my favorites and it just gives me a new start page.