If application A has private files (regardless of the type) then no, no other (non-root) application can access them. There is a content provider framework that an application can use to register files that it would like to allow other applications to access.
Look at where things are in the PC world, viruses, malware, keyloggers, etc. The android permission model is the alternative. Allowing any application access to the entire external storage if it needed to write one single directory was a bad thing. If you want android to continue to allow random apk installation from different sources they needed to patch this hole. The other option to keep your phone safe is a completely walled garden approach (Apple) that polices apps a lot more than Google seems to want to.
Apparently, it is a zero tolerance policy except for the provided apps even if you trust the app developer.. Which basically means you cannot truly replace the provided apps without rooting the phone.
Indeed. Which is why I say this represents another component of a strategy away from open systems, and towards the sort of proprietary walled-garden experience offered by Apple.
Not only is this a betrayal of many early Google evangelists - myself included - it's a fairly cynical exercise to build such a system on the Linux kernel.
Look at where things are in the PC world, viruses, malware, keyloggers, etc. The android permission model is the alternative. Allowing any application access to the entire external storage if it needed to write one single directory was a bad thing. If you want android to continue to allow random apk installation from different sources they needed to patch this hole. The other option to keep your phone safe is a completely walled garden approach (Apple) that polices apps a lot more than Google seems to want to.