Idea: why not use POSIX ACLs (file permissions) to restrict apps?
by qdinar from LinuxQuestions.org on (#4YNHK)
I have seen AppArmor profiles, and they mainly consist of file paths and read, write and execute permissions. This seems to duplicate the usual file/path permissions of Linux/Unix (POSIX ACLs). Why not just use that usual permission system instead of AppArmor/suexec? Daemons/servers like Apache and MySQL run with their own user, so every app can be given its own user. Then a problem appears: files saved by different human users with the same app will have the same owner, so they will be accessible to human users other than the one who really saved them, using the same app. Maybe there is a way to make them not accessible, maybe by tweaking the user (owner) and group permissions of home folders, adding the app and human users to some groups...
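The question above turns on how the kernel picks which permission bits apply. The following is an added example, not part of qdinar's post: it models the classic POSIX mode-bit check (owner class, else group class, else other; uid 0 bypasses the bits as CAP_DAC_OVERRIDE does on Linux) and runs the three arrangements the post sketches through it. The uids, gids, paths and helper names are constructed for illustration; extended ACL entries (setfacl) are not modelled.

```python
"""Model the classic POSIX mode-bit check against the per-app-user scheme.

Added example (not from the original post). Uids, gids, paths and the
helpers are constructed for illustration; 'allowed' follows the standard
owner/group/other class selection, with uid 0 bypassing the bits as
CAP_DAC_OVERRIDE does on Linux. Extended ACL entries are not modelled.
"""
from dataclasses import dataclass
from typing import Optional

R, W, X = 4, 2, 1

# Constructed identities: two humans and one shared application user.
ALICE_UID, ALICE_GID = 1000, 1000
BOB_UID, BOB_GID = 1001, 1001
APP_UID, APP_GID = 2000, 2000


@dataclass(frozen=True)
class Cred:
    uid: int
    gid: int                 # effective gid, used for new files
    groups: frozenset        # all gids the process may match against


@dataclass(frozen=True)
class Inode:
    path: str
    uid: int
    gid: int
    mode: int                # permission bits only, e.g. 0o640


def cred(uid: int, gid: int, *extra: int) -> Cred:
    return Cred(uid, gid, frozenset({gid, *extra}))


def allowed(c: Cred, ino: Inode, want: int) -> bool:
    """Exactly one class applies; it is chosen by identity, not by which
    class would grant the most. The owner class wins even if it is stricter."""
    if c.uid == 0:
        return True
    if c.uid == ino.uid:
        bits = (ino.mode >> 6) & 7
    elif ino.gid in c.groups:
        bits = (ino.mode >> 3) & 7
    else:
        bits = ino.mode & 7
    return bits & want == want


def create(c: Cred, path: str, umask: int,
           setgid_dir_gid: Optional[int] = None) -> Inode:
    """open(O_CREAT, 0666): owner = euid, group = egid unless the parent
    directory is setgid (then the directory's group), mode masked by umask."""
    gid = setgid_dir_gid if setgid_dir_gid is not None else c.gid
    return Inode(path, c.uid, gid, 0o666 & ~umask)


def shared_app_user(umask: int = 0o022) -> dict:
    """The post's scheme: both humans drive the app under one app uid."""
    app = cred(APP_UID, APP_GID)               # same creds whoever is at the keyboard
    f = create(app, "/srv/app/data/alice-note.txt", umask)
    return {
        "bob_via_app": allowed(app, f, R),      # owner class applies: rw regardless of umask
        "bob_direct": allowed(cred(BOB_UID, BOB_GID), f, R),
    }


def group_tweak() -> dict:
    """Per-human private group + setgid directory + umask 007, app uid unchanged."""
    app = cred(APP_UID, APP_GID, ALICE_GID)   # app carries Alice's group while serving her
    f = create(app, "/home/alice/appdata/note.txt", 0o007, setgid_dir_gid=ALICE_GID)
    return {
        "alice_direct": allowed(cred(ALICE_UID, ALICE_GID), f, R),
        "bob_direct": allowed(cred(BOB_UID, BOB_GID), f, R),
        "bob_via_app": allowed(cred(APP_UID, APP_GID, BOB_GID), f, R),  # still the owner
    }


def per_human_uid() -> dict:
    """suexec-style: the app process runs under the human's own uid, umask 077."""
    f = create(cred(ALICE_UID, ALICE_GID), "/home/alice/appdata/note.txt", 0o077)
    return {
        "alice_via_app": allowed(cred(ALICE_UID, ALICE_GID), f, R),
        "bob_via_app": allowed(cred(BOB_UID, BOB_GID), f, R),
    }
```

What the model shows: in `shared_app_user` and `group_tweak` the app process is the file's owner, so the owner class applies and no umask or group arrangement on the file can tell Alice's session from Bob's; the group tweak only narrows what the humans can read when they bypass the app. Separation by mode bits alone needs distinct credentials per human (or per app/human pair) at the moment the app opens the file, which is the job suexec-style uid switching, or a MAC layer such as AppArmor, is doing on top of the mode bits.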

