I’d like to suggest a verification & validation (V&V) team. As Flathub grows, it’s harder to verify if an application is legit or not. When submitting an app, everything is verified and validated, but until then the same app isn’t monitored anymore, so we cannot tell if the maintainer(s) has/have done something malicious. As far as I know, only GNOME Software warns the user that the application requires more permissions when needed, but I still think that there should be a V&V team and a software to facilitate verifying and validating.
I wouldn’t mind volunteering if something like this gets implemented.
What do you think?