Why is it sufficient to openFileOutput() a file with mode MODE_WORLD_READABLE (as the manual says) to make a file readable by other apps (via a share Intent)?
Even if the file is readable, doesn't the directory remain private (rwx------ rather than rwxrwxrwx)?
Even if the file is readable, doesn't the directory remain private (rwx------ rather than rwxrwxrwx)?
Having the directory be deny-all would prevent third parties from listing the contents of the directory or creating new files there. It has no impact on being able to read a file given a fully-qualified path to that file.
That being said, please do not use MODE_WORLD_READABLE. Use FileProvider instead, so you have finer-grained control over who has access to that content. That way, for example, you can have the file be completely inaccessible except for a specific share operation.