I installed an app that is distributed in the form of a standalone flatpak file. I installed it with flatpak install /path/to/this.flatpak.
To my surprise, I was asked for my root password at the beginning, and once more during the process.
This was strange because installing a flatpak has never required root before. I thought maybe it was because it defaulted to installing it system-wide (--system). There is a folder for the app in /var/lib/flatpak/app, which makes me think this is the case. But every one of my flatpak apps is listed as a system installation when I do flatpak list.
Why the need for root access then? Should I be worried?
The default policy allows local admin users to install and update apps from existing remotes without authenticating.
Installing a bundle doesn’t meet those criteria, and so polkit prompts for authentication. Usually it would ask for your password instead of root’s (at least as long as you’re in the wheel group or equivalent), but either way flatpak-system-helper needs to run as root to perform operations in /var/lib/flatpak.
To reflect on my original post, the reason it asked for my password was not because it was a system installation, but because it was a system installation of an app that was not from any of the added remotes.
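The policy distinction described in the answer above, as an added example that is not part of the original thread and is not flatpak's own code: a mock of polkit's JavaScript rule evaluation that runs under Node and covers the install case only. The action ids are the ones flatpak is understood to register (confirm with pkaction on your system); the wheel group, the auth_admin implicit default, and the helper names authorize and makeSubject are assumptions.

```javascript
// Minimal stand-in for the polkit rules engine (constructed for illustration).
const Result = { YES: "yes", AUTH_ADMIN: "auth_admin", NOT_HANDLED: "not-handled" };
const rules = [];
const polkit = { Result, addRule: (fn) => rules.push(fn) };

// Assumption: modelled on the kind of rule a distribution ships for flatpak.
// Local, active members of the admin group may install from configured remotes
// without a prompt. The bundle action is deliberately absent from the list.
polkit.addRule(function (action, subject) {
  const fromRemote =
    action.id === "org.freedesktop.Flatpak.app-install" ||
    action.id === "org.freedesktop.Flatpak.runtime-install";
  if (fromRemote && subject.active && subject.local && subject.isInGroup("wheel")) {
    return polkit.Result.YES;
  }
  return polkit.Result.NOT_HANDLED;
});

// Assumption: when no rule decides, the action's implicit default applies,
// taken here to be auth_admin (authenticate as an administrator).
const IMPLICIT_DEFAULT = Result.AUTH_ADMIN;

// Walk the rules in order; the first one that returns a decision wins.
function authorize(actionId, subject) {
  for (const rule of rules) {
    const decision = rule({ id: actionId }, subject);
    if (decision !== Result.NOT_HANDLED) return decision;
  }
  return IMPLICIT_DEFAULT;
}

// Constructed subjects: user names and group memberships are sample values.
function makeSubject(user, groups, { local = true, active = true } = {}) {
  return { user, local, active, isInGroup: (g) => groups.includes(g) };
}

const admin = makeSubject("alice", ["wheel"]);
const guest = makeSubject("bob", []);
const remoteAdmin = makeSubject("alice", ["wheel"], { local: false });

for (const [label, id, who] of [
  ["admin, app from remote", "org.freedesktop.Flatpak.app-install", admin],
  ["admin, standalone bundle", "org.freedesktop.Flatpak.install-bundle", admin],
  ["non-admin, app from remote", "org.freedesktop.Flatpak.app-install", guest],
  ["admin over remote session", "org.freedesktop.Flatpak.app-install", remoteAdmin],
]) {
  console.log(`${label}: ${authorize(id, who)}`);
}
```

Only the first case skips authentication; the bundle install falls through every rule and lands on the administrator prompt, which is the behaviour the question describes.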