Security concerns about iOS' permission model re: Files & Folders access

Under iOS’s Privacy & Security --> Files & Folders section, users can toggle the listed apps' access to files and folders. However, I inadvertently discovered that an app creates a folder within the On My iPhone storage space and writes its internal configuration data to it. Notably, there is no entry of this app within the Files & Folders section that users can grant or revoke the access.

I have never explicitly granted or even anticipated the app to create files adjacent to mine or make them visible through the Files app. In fact, I can delete the folder, and upon running the app again, it will be re-created. My primary concern lies with iOS’s permission model, which is purportedly designed to safeguard users from potentially misbehaving app. If an app is capable of creating a folder and writing “On My iPhone” without explicit permission or at least notification, how can I be assured that iOS effectively protects my file data from potentially misbehaving third-party applications?

The app in question was installed from the official App Store and is developed by a public service agency in transportation. Once again, my primary concern revolves around iOS’s permission model.

Some individuals have suggested that the application may be utilizing system-level APIs that do not necessitate explicit user consent. If the appeared entries under the Files & Folders section rely on the app's self-request and self-discipline, and there is no OS-level access protection mechanism in place, what is the purpose of the corresponding setting section?

I appreciate any expert who can provide valuable insights.