I am currently implementing an Android app with Kotlin and ran into some issues with the "new" Storage Access Framework (SAF). In my app the user can choose two folders, let's call them source and target. The app should only have read access to the source but read/write access to the target. I would prefer if this was enforced by the system, such that the app doesn't delete any files it shouldn't.
But the issue is that the app can delete files in both folders and I don't understand why. The permissions have been correctly persisted like this:
    // `it` is the tree URI of the folder the user picked
    if (folderType == "source") {
        // Source folder: persist read access only
        requireContext().contentResolver.takePersistableUriPermission(
            it,
            Intent.FLAG_GRANT_READ_URI_PERMISSION
        )
    } else if (folderType == "target") {
        // Target folder: persist read and write access
        requireContext().contentResolver.takePersistableUriPermission(
            it,
            Intent.FLAG_GRANT_READ_URI_PERMISSION or Intent.FLAG_GRANT_WRITE_URI_PERMISSION
        )
    }
and I also double-checked that:
    requireContext().contentResolver.persistedUriPermissions.forEach { perm ->
        Log.i(TAG, "URI: ${perm.uri} | Read: ${perm.isReadPermission} | Write: ${perm.isWritePermission}")
    }
which prints:
    I URI: content://com.android.externalstorage.documents/tree/primary%3ATest%2FTarget | Read: true | Write: true
    I URI: content://com.android.externalstorage.documents/tree/primary%3ATest%2FSource | Read: true | Write: false
I am deleting the files with:
    val deleted = DocumentsContract.deleteDocument(resolver, fileUri)
I tried to find this out on the various documentation pages and with the help of ChatGPT but wasn't really successful. My current assumption is that this is simply how it is but I don't really get why and what the permissions are for if they are not used by the system to enforce storage access.
I would appreciate any help with that. Thanks in advance!
I think we need to reconsider the approach for protecting files in the source folder. You could manage a Room database to safeguard project files in the src directory, or, if possible, implement programmatic protection for the files. It seems that using the Storage Access Framework in Android may not be the most appropriate approach for this scenario.
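One form the programmatic protection mentioned in the answer could take, as an added example that is not code from either post: a guard that calls deleteDocument only when a persisted permission with write access covers the document's tree. The helper names are hypothetical, and fileUri is assumed to be a document URI built under one of the picked tree URIs.

```kotlin
import android.content.ContentResolver
import android.net.Uri
import android.provider.DocumentsContract
import java.io.FileNotFoundException

// Hypothetical helpers, not part of the original posts.
// Assumption: fileUri has the form
// content://<authority>/tree/<treeId>/document/<docId>,
// i.e. it was obtained by listing one of the picked folders.
// DocumentsContract.isTreeUri requires API level 24 or higher.

/** True only if a persisted grant with write access covers fileUri's tree. */
fun hasPersistedWriteAccess(resolver: ContentResolver, fileUri: Uri): Boolean {
    // Fail closed for URIs that are not built under a tree.
    if (!DocumentsContract.isTreeUri(fileUri)) return false
    val treeId = DocumentsContract.getTreeDocumentId(fileUri)
    return resolver.persistedUriPermissions.any { perm ->
        perm.isWritePermission &&
            perm.uri.authority == fileUri.authority &&
            DocumentsContract.isTreeUri(perm.uri) &&
            DocumentsContract.getTreeDocumentId(perm.uri) == treeId
    }
}

/** Deletes fileUri only when the persisted permissions allow writing to it. */
fun deleteIfWritable(resolver: ContentResolver, fileUri: Uri): Boolean {
    if (!hasPersistedWriteAccess(resolver, fileUri)) {
        // A document under the source tree (Read: true | Write: false)
        // is rejected here, before the provider is ever called.
        return false
    }
    return try {
        DocumentsContract.deleteDocument(resolver, fileUri)
    } catch (e: FileNotFoundException) {
        false // the document no longer exists
    }
}
```

The guard protects the source folder only if every delete in the app goes through `deleteIfWritable`; it matches documents to grants by tree ID, so it assumes the two picked folders are not nested inside each other.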