IMO Apple should provide the user with audit logs of which photos/videos were accessed by each app. It might be a long list but it alleviates doubt and would put huge pressure on reputable developers to ensure they don’t get caught doing things the user wouldn’t have expected (even if the user technically allowed it).
In the iPhone you can select which photos are accessible by apps.
It’s a big pain because then you have a double-picker: first pick the pictures in the native dialog asking you to decide which pictures the app should have access to, and then select again the pictures you want but this time in the WhatsApp picker. It’s very awkward.
A solution would be that Apple builds a privacy preserving picker in the OS, then mandates apps use it instead of giving them access to the camera roll and letting them roll their own pickers in the first place.
this already exists, many apps use it. I do wish it was mandatory for _all_ apps to use it instead of being optional.