When a user is in the flatpak group they are allowed to manage systemwide Flatpaks. This allows granular control, does not require wheel access and allows to exclude users for “child protection” or similar.
I know only one app that must be installed as a system Flatpak, “GPU Screen Recorder”, because it requires some hacky privilege escalation.
I wonder, why can only system flatpaks do that? Is there any security benefit of using user flatpaks?
I switched back from using user flatpaks, as I had duplicate libraries and wanted to slim down my system.
Are there any benefits on a single user system, for security alone, to use user Flatpaks?
Because it uses a hacky privilege escalation. It has nothing to do with being a user or system installation but with being runnable by root which is only possible if it’s installed into a installation accessible by root.