Misleading wording for ":create" filesystem access

Using MEGAsync as an example, it has a few directories listed as “Can create files in the directory”; those are annotated as :create in the manifest. However, this wording is misleading: the actual meaning of :create access, quoting Sandbox Permissions Reference, is

read/write access, and create the directory if it doesn’t exist

Current wording on flathub implies that application will have write-only access to the directory; this may make users think that application can’t actually read files stored in there. This can lead both to users looking to manually switch to read/write access if they want application to be able to read those files and to users believing that their data is more secure (i.e. is not readable by the app in question) than it actually is.

I suggest to change wording to match read/write access more closely:

Can read and write all data in %s (will be created if it does not exist)

I don’t understand - the description says as you quoted read/write so what makes you think it’s write only?

That’s the description in flatpak docs for developers, which many end users probably won’t read. This is what flathub shows:


No mention of read access in here.

You’re right, I think I wanted to be smart and thought gnome-software used the wrong string there (they just say it’s read/write like normal)

1 Like

Confirmed as resolved; now the generic “Can read and write all data in the directory” message is used.