> That seems like a severe security bug in Android APIs or sandboxing or something else.

No, this is the permissioned API that makes KDE Connect work, which makes Apple's Continuity look like a toy and that also lets me programmatically filter notifications.

As soon as a platform gives control to the fullscreen, harmful apps are possible.

See for example Apple detecting if a user is typing on a keyboard while in a fullscreen website, and then blocking the website. Yes it's as crazy as it's sounds.

It's a permission the app can have. Android asks the user whether to allow it when you launch the app. It's a very useful permission for some apps that I use. But a scammer can just tell the user to accept the permission.