zlacker

[parent] [thread] 6 comments
1. troad+(OP)[view] [source] 2026-02-03 23:42:30
Notoriously not actually secure, at least in the case of Flatpak. (Can't speak to Snap)

Not sure how something can be called a sandbox without the actual box part. As Siri is to AI, Flatpak is to sandboxes.

replies(3): >>jacobg+s >>Fergus+D3 >>vondur+3p
2. jacobg+s[view] [source] 2026-02-03 23:44:38
>>troad+(OP)
The XDG portal standards being developed to provide permissions to apps (and allow users to manage them), including those installed via Flatpak, will continue to be useful if and when the sandboxing security of Flatpaks are improved. (In fact, having the frontend management part in place is kind of a prerequisite to really enforcing a lot of restrictions on apps, lest they just stop working suddenly.)
3. Fergus+D3[view] [source] 2026-02-04 00:02:47
>>troad+(OP)
Doesn't it use bwrap under the hood? what's wrong with that?
replies(1): >>okanat+Fa
◧◩
4. okanat+Fa[view] [source] [discussion] 2026-02-04 00:46:26
>>Fergus+D3
Many apps require unnecessarily broad permissions with Flatpak. Unlike Android and iOS apps they weren't designed for environments with limited permissions.
replies(1): >>IsTom+bu1
5. vondur+3p[view] [source] 2026-02-04 02:24:41
>>troad+(OP)
I assumed the primary feature of Flatpak was to make a “universal” package across all Linux platforms. The security side of things seems to be a secondary consideration. I assume that the security aspect is now a much higher priority.
◧◩◪
6. IsTom+bu1[view] [source] [discussion] 2026-02-04 12:00:04
>>okanat+Fa
> Unlike Android

My experience with android apps seems to be different. Every other app seems to be asking for contacts or calling or access to files.

replies(1): >>HPsqua+Gz1
◧◩◪◨
7. HPsqua+Gz1[view] [source] [discussion] 2026-02-04 12:42:21
>>IsTom+bu1
You can usually deny those. If they ask for them without a good reason, that's already suspicious.
[go to top]