As of today, there is a “Potentially Unsafe” warning with this:
Can access hardware devices; Can read/write your downloads; Uses a legacy windowing system
I’m well aware that the permissions model protects users and this is to alert users that they are opting into a permission. My concern is how non-technical users view this - I’ve had a few reports from users in my community that upon seeing this notice they think best not to install the app (this is after failing to manually install it themselves via a source distribution, which of course they can’t manage being non-techincal). So the main usecase (in my view) of flathub for our project - being a great, simple method for anyone to install our app - is harmed.
Going through the specific permissions:
“Can access hardware devices” - we support gamepads. As far as I can tell, there is no more-granular permission to request.
“Can read/write downloads” - We could probably change this to just reading; but the reason for this is to make downloading assets from an external site simpler to load into the program (asking a user to move files to the right place would be a headache)
The legacy windowing thing - yeah, that’s something we should change. No problems with this warning.
Ideally, flatpak would support some more granular perms for the gamepad usecase; but what would really help is if we could provide a “justification” for each permission that an app requires in the flatpak config. As it is today, the current messaging around “unsafe apps” is probably a little more user unfriendly than it needs to be, and being able to explain each permission needed (right alongside its warning) may help.
I do mostly agree, but please be aware, that this (mostly) matches what gnome software does. And your non-technical users likely go through that to install.
Virtually all of the most popular apps are labeled “potentially unsafe”, this is a very bad decision no sane software store should make, especially not one as promising as this one. Please reconsider.
I also think that this kind of message is harmful. I produce an application developed with Fyne (in Go), which uses GLFW for the interface. In no way is this library " unsafe ".
The fact that the interface warns of access to peripherals doesn’t shock me. But how is an application that uses a windowing system other than Gnome “unreliable”?
In my opinion, this message should clearly be revised.
The problem at this time is that Gnome doesn’t provide a correct decoration for GLFW apps. So, Fyne uses X11 windowing. Libdecor is not fully implemented. And to be honest, the decorations is (my opinion) ugly (seeing the Blender window decorations on Gnome for example).
As soon as Gnome could make SSD, there will not be this problem.
But… it seems that Gnome Team doesn’t want to implement SSD.
That will leave a lot of people being considered to provide unsafe app.
Note· that fyne allows Wayland compilation. The decoration is ugly
I listed all of my flatpaks: flatpak list --app
and checked all of them on Flathub. Interesting all of flatpaks I use are marked as Potentially unsafe on Flathub.
Exception is just one flatpak I use, which is marked as Probably safe and this is flatpak (Gnome) Calculator with “Has network access”. Interesting, why does Calculator needs network access?
EDIT: I have checked and one of the feature of Calculator is countries currency conversion and to get current currency rates, internet access is required.
In my humble opinion it is nice Flathub is doing some research about safety, but in my humble opinion there is broader problem. Flatpacks itself should have better security mechanism like when application is trying to do some action that is potentially unsafe, to ask for permission. For example when Calculator tries to access network flatpak as system mechanism should temporally prevent network access and pop-up a question to user like: Calculator is trying to access network and there should be options user can select:
Always allow
Allow this time only
Never allow
Now what is purpose of marking almost all of the applications in application store as Potentially unsafe?
Is this indication that Flathub is shit-store with unsafe applications? I don’t think Flathub is any less secure that e.g. Windows store or ordinary DEB/RPM package stores.
If user see “Potentially unsafe”, what should this tell the user? In my humble opinion, unsafe applications should not be available on application store, this is responsibility of store provider. If there is “potentially unsafe” application, then application store should advice user to user some other “safe” application.
What options developer have? In rare cases I see benefit, like Calculator really does not need network access permission and this permission should be removed. But in majority of cases developer can’t do any useful action. If app runs on X11 base, what can really be done. In most cases this is toolkit problem, that apps are build upon.
I am also developing an application using Fyne and like @metal3d already has mentioned before, we don’t have Wayland support yet for various reasons. With my application Rymdport, I am also worried about scaring away potential users but there isn’t much I can do about making the warnings go away yet.
Now what is purpose of marking almost all of the applications in application store as Potentially unsafe?
Yeah I really second that. When calculators are marked unsafe you know you really went too far.
Desktop applications may use files. I know right? They probably use network and Internet for many things, and that may range from checking if they are up-to-date, updating currency rates, to… Selling user data? Obviously.
Now let me tell you about my dilemma.
I have one application that’s marked unsafe because of network access. Users can use a remote mysql database instead of embedded sqlite if they wish to use the app from multiple devices.
Should I remove the feature that make the app “unsafe” to get a green mark? After all, it’s not that important. Right?
Calculator is trying to access network and there should be options user can select
What your describing is a portal
If you think security can be solved by popups, then you really have learn nothing from Windows Vista.
If the users can adjust permissions in the gnome software that would be perfectly acceptable. In fact it would be pretty neat.
But then you would need to default permissions to on (or show a popup to let them choose, right ?) and not scare the user into thinking internet access (or a legacy windowing system) means doom.
