The plan here is quite simply that any memory in your device becomes a cache of some cloud storage somewhere.
SD cards have the problem that they can be removed, and thus easily inspected, so cloud services wanting to keep their data locked up when it's cached have to resort to measures such as Facebook's Conceal library, which is more to do with preventing users from getting their own info out of Facebook than it is preventing any actual malicious activity.
Why not just an app that registered a service that was basically a cloud provider for your SD card? Any apps wanting to access the shared storage would use the service's API to request access to a content. The shared storage would really be the private storage for the storage app.
Seems like this would be the best of both worlds, no crazy free-for-all external storage but shared data with some type of prompting to grant an app access to a particular path of shared storage.
SD cards have the problem that they can be removed, and thus easily inspected, so cloud services wanting to keep their data locked up when it's cached have to resort to measures such as Facebook's Conceal library, which is more to do with preventing users from getting their own info out of Facebook than it is preventing any actual malicious activity.