The problem isn't that TCC grants a Unix file permission bypass - because it doesn't, at least not on it's own. The problem is that ordinary users can create APFS snapshots via Time Machine, and then mount them with Unix permissions disabled (noowners). When Apple was told about this they decided to gate the snapshot mounting stuff... behind Full Disk Access, not being an admin. And Finder has FDA, because of course it does, otherwise users wouldn't be able to use their own filesystem rights at all.

All of this smacks of different parts of the macOS core team not understanding their security model. One half seems to think Full Disk Access just means "has the user's file system permissions instead of sandboxed access" (hence why Finder has it), while the other thinks it means "access the whole disk, regardless of other permissions". Both interpretations are reasonable but become unreasonable when combined into a single system.

So is the article just plain wrong then?

Can an app given full-disk permissions not access data in other user folders other than the user who started it?

This is why I'm so confused.

To an extent neither are wrong - full disk access doesn't directly bypass the live filesystem's Unix permissions. But it does explicitly grant full access to Time Machine backup images regardless of admin/superuser privileges, including the ability to create new up-to-date snapshots, which is equivalent to full read-only access ignoring Unix permissions (on a short time delay.)

... in this case it _does_, albeit in a roundabout way via Time Machine local snapshots. In short, the attacker can bypass Unix file permissions by mounting a local backup with owners disabled.