
Wait, what native app sandbox are you talking about? Any executable I run has access to my files, and that's how it works on every OS I've ever used.

I am too trusting of browser security though, you're right about that...

There are tons of sandbox type features in most modern OSs to prevent apps from interfering with each other. For example:

1) Virtual memory protection (can't access other apps' memory)

2) Protection rings (safe transfer from UM to KM for system calls)

3) User interface isolation (one process can't interact with another's UI)

4) I/O privilege levels (prevents one rogue app from causing I/O starvation)

5) Process Integrity Levels. You can run apps under your own identity (be it super user or admin or regular user) but assign them reduced permissions as far as accessing data goes. You can run at-risk apps this way so that they can run without having access to any of your data.

6) You can restrict access to various other things in addition to the data using ACLs (network, device drivers, etc).

7) ABI level isolation using user mode kernels ("Library OSs").
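Added example (mine, not any commenter's) of the kind of opt-in restriction items 5 and 6 describe, in Linux terms: a seccomp-bpf syscall filter, the mechanism browser renderer sandboxes use on Linux. The child process installs a filter that makes open(2)/openat(2) fail with EACCES, then tries to read a file; the same binary without the filter reads it fine. `child_can_open`, `install_no_open_filter` and the choice of `/dev/null` as the target file are my own; the program assumes a Linux kernel with seccomp enabled.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* The filter must check the ABI first: syscalls made through another ABI
   (e.g. 32-bit compat calls on x86_64) carry different numbers and would
   otherwise slip past the syscall-number comparison below. */
#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define SANDBOX_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef __NR_open /* aarch64 has no legacy open(2); use a number that never matches */
#define __NR_open 0xffffffffu
#endif

/* Install a seccomp-bpf filter in the calling process: open(2)/openat(2) fail
   with EACCES, every other syscall is allowed. Returns 0 on success, -1 on
   error. The filter cannot be removed and is inherited by child processes. */
static int install_no_open_filter(void) {
    struct sock_filter filter[] = {
        /* 0-2: load the arch field; kill the process if it is not ours */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* 3-6: load the syscall number; jump to the deny rule on a match */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_open, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        /* 7: denied: hand EACCES back to the caller instead of running the call */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EACCES & SECCOMP_RET_DATA)),
    };
    struct sock_fprog prog = {
        .len = sizeof(filter) / sizeof(filter[0]),
        .filter = filter,
    };
    /* Required for an unprivileged process to install a filter; it also stops
       setuid binaries from being exec'd to gain privileges the filter lacks. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
    return 0;
}

/* Fork a child that optionally sandboxes itself, then tries to open `path`
   read-only. Returns 1 if the child opened the file, 0 if the open was denied
   with EACCES, -1 if the child failed for any other reason. */
int child_can_open(const char *path, int sandboxed) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (sandboxed && install_no_open_filter() != 0) _exit(2);
        int fd = open(path, O_RDONLY);
        if (fd < 0) _exit(errno == EACCES ? 1 : 3);
        close(fd);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    switch (WEXITSTATUS(status)) {
        case 0:  return 1;  /* open succeeded */
        case 1:  return 0;  /* denied by the filter */
        default: return -1; /* filter install failed or unexpected errno */
    }
}

int main(void) {
    const char *path = "/dev/null"; /* present on every Linux system */
    printf("unsandboxed child can open %s: %d\n", path, child_can_open(path, 0));
    printf("sandboxed child can open %s:   %d\n", path, child_can_open(path, 1));
    return 0;
}
```

The point to notice is that nothing here happens by default: the same code path that is denied in the sandboxed child succeeds in the unsandboxed one, because the restriction exists only if the program (or something launching it) installs it. A real sandbox would also filter the other ways to reach the file system (openat2, execve, mount, etc.), which is why production filters are allow-lists rather than the short deny-list shown here.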


Yes and these protections are only used to their full potential on something like iOS. On Windows, macOS, and Linux these are not used to defend your data or system out-of-the-box like they are in a browser.

A massive wall with an open gate isn't much of a wall.


Actually, browsers use these very same techniques to make web-apps more secure!!
