Bug 484275 - Warn and confirm installation of Flatpaks with potentially dangerous permissions and when permissions change
Status: RESOLVED MOVED
Alias: None
Product: Discover
Classification: Applications
Component: Flatpak Backend
Version: 6.0.2
Platform: Fedora RPMs Linux
Importance: NOR wishlist
Target Milestone: ---
Assignee: Plasma Bugs List
Reported: 2024-03-22 20:32 UTC by Neal Gompa
Modified: 2024-03-23 02:05 UTC
Description Neal Gompa 2024-03-22 20:32:59 UTC
SUMMARY
I've noticed over time that when installing and updating Flatpaks, Discover does not appear to warn when installing Flatpaks that have potentially dangerous permissions (e.g. general filesystem access, session bus access, etc.) or when permissions change on update.

This can lead to situations where the user is not fully aware of the consequences of the action, potentially around hijacks or malware installations.


STEPS TO REPRODUCE
1. Open Discover
2. Enable Flathub
3. Install "Podman Desktop" or "TeXstudio"

OBSERVED RESULT
Discover just installs the app.

EXPECTED RESULT
Discover prompts with a confirmation dialog warning about some permissions that can allow outsized impact with malicious applications.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora Linux 40 (KDE Plasma)
(available in About System)
KDE Plasma Version: 6.0.2
KDE Frameworks Version: 6.0.0
Qt Version: 6.6.2

ADDITIONAL INFORMATION
The idea here is to harden the installation process a little around Flatpaks in response to what happened recently with Snaps[1][2].

[1]: https://www.youtube.com/watch?v=kzB6fHL_2Pg
[2]: https://popey.com/blog/2024/03/exodus-wallet-part-three/
Comment 1 Nate Graham 2024-03-22 20:54:07 UTC
This might be nice, but the lack of it isn't a bug, and I'm not necessarily sure it's even a problem. For apps that come from distro repos or Flathub or whatever, we rely on various factors to keep users safe:
1. Sandboxing
2. Some amount of review from the distributors
3. The developers themselves being known and trustworthy.

Having #1 being nonexistent or compromised isn't actually a real problem as long as #2 and #3 are true; if this wasn't the case, then every distro-packaged app would be dangerous. I've noticed that GNOME Software makes this judgment and I don't think it's the right call. So many apps have these warnings that they become meaningless visual noise, and the user can't tell what's *actually* dangerous vs what *might be* dangerous.

There's an existing discussion of this in https://invent.kde.org/plasma/discover/-/issues/16; let's keep the conversation there.
Comment 3 Neal Gompa 2024-03-23 02:05:54 UTC
Based on a discussion with Michael Catanzaro, he pointed me to this merge request to GNOME Software that contains the list of permissions it considers potentially dangerous: https://gitlab.gnome.org/GNOME/gnome-software/-/merge_requests/1712

This could help with figuring out how to do this.
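
The check requested in this report, sketched as an added example that is not part of the bug thread, Discover, or GNOME Software: it reads the `[Context]` group of a Flatpak metadata keyfile, flags risky grants at install time, and on update flags only the ones that are new. The `RISKY` list is an assumption covering the permission classes named in the description (it is not GNOME Software's list), and the sample metadata is constructed.

```python
import configparser

# Assumption: illustrative risk list limited to the classes the report names
# (general filesystem access, session bus access), plus the system bus.
RISKY = {
    "filesystems": {"host", "host-os", "host-etc", "home"},
    "sockets": {"session-bus", "system-bus"},
}

# Constructed sample metadata for a hypothetical app, before and after an update.
OLD = """[Application]
name=org.example.Editor

[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=xdg-documents;
"""
NEW = OLD.replace("wayland;", "wayland;session-bus;").replace(
    "xdg-documents;", "xdg-documents;host:ro;")

def parse_context(metadata_text):
    """Return {key: set(values)} for the [Context] group of a metadata keyfile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(metadata_text)
    if not cp.has_section("Context"):
        return {}
    return {k: {v for v in val.split(";") if v} for k, val in cp.items("Context")}

def risky_permissions(metadata_text):
    """Return a sorted list of 'key=value' strings for risky grants."""
    found = set()
    for key, values in parse_context(metadata_text).items():
        for value in values:
            if value.startswith("!"):      # negated entry revokes access
                continue
            base = value.split(":", 1)[0]  # drop :ro / :rw / :create suffix
            if base in RISKY.get(key, ()):
                found.add(f"{key}={base}")
    return sorted(found)

def needs_confirmation(new_metadata, old_metadata=None):
    """Grants to confirm: all risky ones on install, only new ones on update."""
    old = set(risky_permissions(old_metadata)) if old_metadata else set()
    return sorted(set(risky_permissions(new_metadata)) - old)

if __name__ == "__main__":
    print("update adds:", needs_confirmation(NEW, OLD))
```

For an installed app, the metadata text is what `flatpak info --show-metadata <app-id>` prints.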