Framing of "unsafe" permissions scares off non-technical users

I listed all of my flatpaks:
flatpak list --app
and checked all of them on Flathub. Interestingly, all of the flatpaks I use are marked as Potentially unsafe on Flathub.

The exception is just one flatpak I use, which is marked as Probably safe, and this is the (GNOME) Calculator flatpak with “Has network access”. Interesting, why does Calculator need network access?


EDIT: I have checked, and one of the features of Calculator is countries' currency conversion, and to get current currency rates, internet access is required.

In my humble opinion it is nice that Flathub is doing some research about safety, but in my humble opinion there is a broader problem. Flatpaks themselves should have a better security mechanism, like asking for permission when an application is trying to do some action that is potentially unsafe. For example, when Calculator tries to access the network, flatpak as a system mechanism should temporarily prevent network access and pop up a question to the user like: Calculator is trying to access the network, and there should be options the user can select:

  • Always allow
  • Allow this time only
  • Never allow

Now what is the purpose of marking almost all of the applications in the application store as Potentially unsafe?

  • Is this an indication that Flathub is a shit-store with unsafe applications? I don’t think Flathub is any less secure than e.g. Windows store or ordinary DEB/RPM package stores.
  • If a user sees “Potentially unsafe”, what should this tell the user? In my humble opinion, unsafe applications should not be available on an application store; this is the responsibility of the store provider. If there is a “potentially unsafe” application, then the application store should advise the user to use some other “safe” application.
  • What options do developers have? In rare cases I see a benefit, like Calculator really does not need network access permission and this permission should be removed. But in the majority of cases the developer can’t take any useful action. If an app runs on an X11 base, what can really be done? In most cases this is a problem of the toolkit that apps are built upon.