Comment by yencabulator

Comment by yencabulator 8 months ago

2 replies

View on Hacker News

The S in Flatpak stands for Security.

Flatpak is primarily a convenience mechanism for app makers. Any security boundary you may find in it is optional, all defaults are always toward not breaking apps. Apps pretty much uniformly either silently get read access to all your files, and even when that is not true they often get permanent read-write access to any file you open in them.

Go look at the permissions for GNOME Papers. Try to argue that it's "sandboxed".

akimbostrawman 8 months ago

>Apps pretty much uniformly either silently get read access to all your files

This is outdated information. The situation has improved since the publishing of flatkill with flathub loudly warning about permissions and less apps having full R/W access.

Android apps can be configured insecurely too although less severe, still it's the users responsibility to check and modify permission.

In either case it's a substantial improvement from no isolation at all with much easier handling than other sanbox tools or MACs.

Reply View 1 reply
  • yencabulator 8 months ago

    > less apps having full R/W access.

    Not good enough when apps can still silently have full access to home and /media without the user even realizing.

    Reply View 0 replies