This would be ridiculously annoying. We had it in the past for Spectacle and everyone hated it. Security that annoys people into requesting or finding a workaround to turn it off isn't actually real security.

How about having a checkmark to always allow for that app? That way random malicious apps still cant just make a screenshot, but the trusted screenshot app only has to ask for it once

That already happens for apps using the portal API. It doesn't happen for Spectacle and Flameshot because they use a special internal KWin-only screenshot API that bypasses the confirmation prompt, for usability's sake. They do this because they are screenshot apps, and as I alluded to before, making an app ask the user for permission every time it wants to exercise its primary purpose makes people want to throw their computers out the window.

Now, you might say, "the existence of this backdoor means any Wayland app can use it to take screenshots without permission on KWin". And you would be right. There are trade-offs here.

It's an open topic of discussion, and we may end up porting back to the portal API and trying to improve its usability. For example, asking only once per app, as you suggested.

It may or may not be feasible, though.

Regardless, this is a topic that KWin and Plasma folks are aware of.

Just FYI this has come to my attention lately:

Privsec.dev (a site focusing on security and privacy but with an emphasis on security) has removed KDE and now only recommends GNOME because of this "security issue": https://github.com/PrivSec-dev/privsec.dev/pull/267/files

Following this, there was some discussion on Privacyguides.org (a site focusing on security and privacy but with an emphasis on privacy):
https://discuss.privacyguides.net/t/linux-desktop-environment-security-wrt-screenshot-privileges/19910
https://discuss.privacyguides.net/t/people-should-avoid-wayland-environments-which-use-wlroots-as-the-compositor/17899

And as a result the main website was updated to now mention that GNOME has a "notable edge in security": https://github.com/privacyguides/privacyguides.org/pull/2690/files

I think it would be good if Plasma could have parity with GNOME but ideally without annoying the user too much. Perhaps some sort of whitelisting for Spectacle and otherwise asking permission (only once) for any other application? 

(My guess would be that most users just use Spectacle for screenshots rather than installing a third-party app. Maybe some other well-known apps like Ksnip or Flameshot can be whitelisted, too. Caveat: I don't know if there's anything preventing other apps to pretend to be Spectacle)

Thanks. I've left a comment at https://github.com/privacyguides/privacyguides.org/pull/2690/files#r1707724506, to correct the record about something that wasn't quite accurate there.

Ultimately the problem here is that apps offering a rich UX for things covered by the portal system aren't well-supported by it. Spectacle is only one example; another one is OBS, which expects to have total control over every aspect of screen recording, and to not have to ask permission for every single thing you use it for one at a time.

The portal API simply wasn't designed with apps like these in mind. Instead it was designed for apps with a more minimal UI, where the thing you use it for is to take *some* kind of screen or record *some* kind of screen activity, and then the portal UI is used to let you negotiate the specifics. For apps where you choose the specifics in the app itself, this doesn't make sense, and ruins their UX — leading to bug reports, negative reviews, public complaints, etc.

This is why you see both KDE and GNOME figuring out their own way to bypass these restrictions. In our case, opening a screenshot backdoor for Spectacle. In their case, adding a dialog to whitelist whole apps that want to take screenshots. These developments indicate fundamental flaws in the design of the portal API, IMO.