There is a difference between having all my files and being able to access all my files via a client.
1) My files are not on their service and thus not available at their discretion; they would first have to be uploaded.
2) With that logic all applications "have" all my files, but you bet I'd find it weird if I caught Libreoffice uploading files of interest to a service of theirs.
That said, I do see your point. Most desktop applications (as opposed to mobile apps) are capable of a lot more than they need to, and even many popular mobile apps are. I just wouldn't say I implicitly trust them with all of my files.
> 2) With that logic all applications "have" all my files, but you bet I'd find it weird if I caught Libreoffice uploading files of interest to a service of theirs.
On macOS this is not true though, for well-behaved document-based apps! Sandboxing prevents access to anything you haven't explicitly granted access to. I don't know if Libreoffice implements it correctly, though.
And before someone says that this is not feasible for a Dropbox-like application: OneDrive is distributed via the App Store (with its sandboxing requirements).
There's been some downvotes (thanks for the constructive feedback /s), but I'd agree that this is a better way to put it. Anything that asks for root has 100% access at that moment, and possibly in future. It's easy to forget with all the "training" that `sudo`and confirmation dialogs provide, but true. Heck, if you install something (and by install I mean allow itself to integrate into the system, as opposed to say a script), you have to trust something. Either you trust the issuer, the package maintainers, or yourself (after you've checked 100% of the source code and compile it), but there's trust at some point.
Hell no they don't? They have some shared folders between classmates and a few encrypted archives for personal backups.