Gnome “Software” flags my Flatpak with a big red scary “Unsafe” flag, as it can allegedly “Read/Write all your data”. That is untrue, as it can’t touch the root directory, other disks or a USB stick, which is borne out by clicking for more information: “Software” states: “Home/Folder Read/Write access. Can read and write all data in your home directory.” The app has " - --filesystem=home".
Potential users might be put off installing it because of the flag - but it would be unusable without access to their home directory. Being able to write to one’s home directory seems perfectly reasonable to me. Wouldn’t a milder warning be more appropriate?
I asked on Flathub and was referred to Gnome which referred me here, saying it’s Fedora that manages flags and the message “Approved by your distribution” in “Software”. How is Fedora Approval achieved?
A milder warning would not seem appropriate to me.
A user's data is usually in their home directory. Anything that can read and write into the home directory can potentially damage all the data there.
A warning that tells the user the app can write into the home directory seems very reasonable to me.
After all, most malware is distributed through the actions of users and seldom requires an administrator level access.
The packages Fedora delivers from the Fedora repos in rpm form are vetted for standard access and permissions. Flatpaks are different, and warnings, especially for those from a 3rd party repo, seem very appropriate.
Hi - Sorry for a totally novice question, but without knowing what your app’s purpose is - is it definitely something that requires uninhibited access to the user’s full home directory structure, or would some specific subfolder or flatpak portal method work instead? If I interpret correctly from browsing a lot of listings, picking specific individual subfolders triggers “Potentially unsafe” and the user is shown those subfolders in that dialog box, and just using portals to let the user pick what the app can access when it’s needed triggers no warnings at all.
And I hate to be too pedantic, but the first statement from the Software app is actually true - as I would think of it, the stuff outside of ~ is “the system”, but my home directory is “all my data”. So if an app really does have full access to that, then I really want to understand a lot more about it before installing (feel free to laugh, but I sweated into my mouse before installing kdenlive because of its access rights, despite the wide adoption and reputation of that program!).
Realistically a user should not attempt to install software without already being aware of the purpose. Doing so would be, at best, foolhardy.
If the user is already aware of the purpose and has an idea of the scope of the actions expected from the app then the user can choose to install or not when that warning is received.
It is, after all, the user's responsibility to ensure the security of their own system and to educate themselves as to what software does before installing it. Each user has to decide for themselves what is acceptable for their own risk model.
And yes, you are correct in that “all the user's data” is usually in the home directory, so the original statement is incorrect. He goes on to explain how he interprets it as meaning system-wide rather than the user's data.
It is worth noting that Fedora has an app called Flatseal that can modify the permissions of most flatpaks and allow more or less than default access. I use very few flatpak apps and thus have not ventured into the Flatseal arena. I am unaware of the details of that app.
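An added example, not from any post in this thread: a shell sketch that reads a Flatpak's metadata (the keyfile text printed by `flatpak info --show-permissions <app-id>`) and separates whole-home or whole-host grants such as `--filesystem=home` from grants limited to specific folders. The function names, the "broad"/"scoped" labels and the sample metadata are assumptions made for illustration; this is not how GNOME Software computes its flag.

```shell
#!/bin/sh
# Added example. Reads Flatpak metadata (keyfile format) on stdin and prints
# one line per filesystem grant: "<scope> <mode> <path>".
# Live use: flatpak info --show-permissions <app-id> | classify_fs_grants
classify_fs_grants() {
  awk '
    /^\[/ { in_ctx = ($0 == "[Context]"); next }   # track the [Context] group
    in_ctx && /^filesystems=/ {
      sub(/^filesystems=/, "")
      n = split($0, grant, ";")
      for (i = 1; i <= n; i++) {
        e = grant[i]
        if (e == "") continue
        # A leading "!" marks a grant that has been taken away again.
        if (substr(e, 1, 1) == "!") { print "revoked - " substr(e, 2); continue }
        mode = "rw"                                # no suffix means read/write
        if (match(e, /:(ro|rw|create)$/)) {
          mode = substr(e, RSTART + 1)
          e = substr(e, 1, RSTART - 1)
        }
        scope = (e == "home" || e == "host") ? "broad" : "scoped"
        print scope, mode, e
      }
    }'
}

# Exit status 0 if any grant gives write access to all of home or host.
has_broad_write() {
  classify_fs_grants | grep -Eq '^broad (rw|create) '
}

# Constructed sample metadata (not taken from a real application).
SAMPLE_HOME='[Application]
name=org.example.Editor

[Context]
shared=ipc;
filesystems=home;xdg-download:ro;'

SAMPLE_SCOPED='[Context]
filesystems=xdg-documents;home:ro;!xdg-videos;'

printf '%s\n' "$SAMPLE_HOME" | classify_fs_grants
```

A user who wants to narrow such a grant from the command line rather than through Flatseal can use `flatpak override --user --nofilesystem=home <app-id>`.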