I don't think androids intent system has any large security implications (I think it has had some but in general). But what I find more interesting/suprising how often I read about these types of concerns given that desktop operating systems provide very limited protection in this area e.g firefox can read all my emails since thunderbird and firefox are run as the same user.
Well, on one hand, mobile operating systems like iOS were designed to be a big step up from the security perspective; android was born more like a desktop operating system scaled down to mobile but has progressively increasing security isolating apps more and more within their sandbox with less options to run in background, hook into the general user experience of the system, and manage things that they don’t belong to them.
On the other hand, your example is wrong on macOS where apple mail and safari are sandboxed. So desktop operating systems are trying to catch up security wise and go beyond the traditional Unix security model.
I think the concerns come from the side of people (legal and real) that want to store data and perform computation on other people's devices without the owner being able to control things.
What do I mean by this? Anyone with a 'private' API, anyone who's business model involves DRM and anyone who thinks that a remote wipe of an unwilling device should be possible.
