In hope of some understanding:
File system access on iOS is sandboxed ... an app's storage space is private to that app or apps that have been authorized with a security certificate by the user, following a very rigid security protocol. Everything follows the same model: system files and libraries are only accessible through the mechanism of the certificates embedded in the app development process. So access to system files, etc., that are "open, at risk to attackers" in the Android universe are not on iOS.
My understanding of the situation differs on several levels.
First: Android. The security model is quite similar. Each app is sandboxed and can only access its files. System files and libraries are not normally accessible to the end user. USB mass storage can only be accessed by special apps, similar to Apple's "files".
Second: iOS. The "files" application can be used to transfer data between diverse apps' storage spaces. It can also access a central repository of files (iCloud) and can be linked to other apps that have their own central repositories (e.g. network devices and the one below), but in a very convoluted and counter-intuitive fashion.
How to make a USB-connected, general purpose, mass storage access system as secure as the built-in sandboxed file system is the challenge.
That is not a challenge. There are actually several implementations, like this one:
It connects to the Lightning port. There it identifies and starts its app. Identification is regulated by the MFi framework:
https://developer.apple.com/programs/mfi/
The problem is that, apparently (info is only available to large companies), Apple put the MFi program in limbo, in particular for the new iPad Pro, which uses USB-C instead of Lightning. Therefore nobody is going to invest in an adapter for mass storage on the new iPad Pro, considering that no real new hardware is necessary for mass storage access and no approval is really possible.
What I am requesting (and I am not the only one) is that Apple amends the built-in "files" application so that it shows mounted mass storage alongside the "iCloud" external storage and that it allows the same access on that mounted storage that it already allows for iCloud. That is trivial to implement (for Apple).