Hi,
Firstly, I would like to thank the maintainers of Flathub for guiding me through the application submission process; it was greatly appreciated!
I have noticed today in the Flathub application screen the newly added assessment UI element. As I understand it, it describes textually and graphically the permissions requested in the repository file.
While I value the transparency provided, I am also taken aback at the harshness of the wording and of the visual highlighting, especially related to file system access, e.g. “Unsafe” and “Can read all your data” texts, coupled with the red exclamation mark graphic.
The inferred meaning, based on the current widespread conventions, is that such an app has a high likelihood of being malicious, and a potential user would best steer clear of it. All of the presented elements (the texts “Unsafe” and “Can read all your data”, and the red exclamation mark graphic) are subconsciously remarkably powerful, thus priming the potential user to discard the application.
As it stands, the implementation of this feature hurts both the application developers, who may find it unpleasant for their app to be marked as dangerous, and the users, who will be more inclined to disregard a significant section of the Flathub applications offering because of it.
My suggestion would be to reword the “Unsafe” header to “Potential safety concerns”, “Can read all your data” to the less dramatic and more granular “Has [access type] access to file system entries: [granular enumeration of the requested file system entries]”, and to change the red exclamation mark to a milder orange question mark.
As an extension point to my suggestion, application safety due to requested permissions could be assessed by looking into the permissions in conjunction, rather than in isolation, e.g. an application requesting file system read permissions that does not also request network permissions is virtually harmless, and thus should be granted a different assessment than an application that asks for both permissions.
Thank you very much for reading my suggestion, and please let me know what you think of it!