SUMMARY I was having a look at the Flatpak permissions page in system settings, which is great. I then thought about the idea of replicating what Android used to do, and warn the user about the permissions an app is going to have when "Install" is clicked. A simple popup, maybe with all permissions nicely layed down in a catchy way. A part from warning users, this could have the benefit of potentially highlighting cases where the application requires less permissions than it needs to work properly (happened to me), so that the user has a chance of noticing immediately instead of after some hours of outrageousness
I'm not sure how a user would detect that an app is going to need more permissions. We do show some of them, maybe we need to show more, what are you missing exactly?
(In reply to Aleix Pol from comment #1) > I'm not sure how a user would detect that an app is going to need more > permissions. Simply by looking at such an hypothetical permissions summary popup, I would be able to infer that. That was not a general use case, but still a common one according to my experience. For example if I install AssaultCube and I spot no data access (casual reference...), I may immediately wonder "hmm, how can this game save settings and progress without data access permission?" > We do show some of them, maybe we need to show more, what are you missing > exactly? No no I did not mean you are not showing them/all, I just wanted to say it would be better to have them highlighted and confirmed by the user right before the install. Again, the best example that comes to my mind is Android <=7.0
In general my view goes along with KDE's AFAIU, when flatpak permissions have been integrated inside system settings. I really do think flatpaks and apps in general need to be taken care of as much as possible by KDE from the user perspective, they are still too much of a jungle.
(In reply to David from comment #2) > (In reply to Aleix Pol from comment #1) > > I'm not sure how a user would detect that an app is going to need more > > permissions. > Simply by looking at such an hypothetical permissions summary popup, I would > be able to infer that. That was not a general use case, but still a common > one according to my experience. For example if I install AssaultCube and I > spot no data access (casual reference...), I may immediately wonder "hmm, > how can this game save settings and progress without data access permission?" All Flatpak have a private storage space in `.var/app/appid.foo.bar`. Most applications don't need full storage access. > > We do show some of them, maybe we need to show more, what are you missing > > exactly? > No no I did not mean you are not showing them/all, I just wanted to say it > would be better to have them highlighted and confirmed by the user right > before the install. Again, the best example that comes to my mind is Android > <=7.0 This is going to be an additional dialog that will be clicked through by most users. Non Flatpak apps don't show a dialog warning that they have access to everything on the system. Why should Flatpaks do when they generally have even less access? Android now warns on first launch. This is something we could do but would expose a lot of implementation details about applications.
> All Flatpak have a private storage space in `.var/app/appid.foo.bar`. Most > applications don't need full storage access. Sure, matter is if they are aware of that, and try not to write/read anywhere else, which they typically do... > This is going to be an additional dialog that will be clicked through by > most users. Non Flatpak apps don't show a dialog warning that they have > access to everything on the system. Why should Flatpaks do when they > generally have even less access? Another good point, I presume this would make sense because one can choose permissions (even though after install), as opposed to regular apps where there is no choice. > Android now warns on first launch. This is something we could do but would > expose a lot of implementation details about applications. Ofc this would be the greatest solution. Imagine a calculator flatpak asking for mic&camera access, vastly improved UX. Also in legitimate cases, telegram flatpak asking for mic&camera, I only give mic. I don't understand when you say exposing a lot of implementation details if it's a minus for you or not. Personally I think regular users would accept that just like they do with smartphone OSs and maybe partially like it, whereas power users would surely appreciate. If you're speaking of dev effort, I'm no exactly into this specific question but I can imagine.