SUMMARY Kwin identifies application using the application provided app_id, whereas on GNOME the sandbox provided one takes priority. Possible use case is to group all windows with a sandbox provided app-id to prevent generic icon or malicious applications spoofs their identity as other apps. Also without stable window mapping background portal can terminate applications mistakenly STEPS TO REPRODUCE 1. Install KDE and gtk4-demo on Arch 2. Install aur/portable and aur/wechat 3. Run `wechat.sh --actions debug-shell connect-tty` to enter the sandbox, and then start gtk4-demo inside the sandbox. OBSERVED RESULT The window is not mapped to aur/wechat's desktop file, instead it shows as GTK demo. EXPECTED RESULT Like GNOME, the app is shown as WeChat with WeChat's icon. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Arch Linux rolling KDE Plasma Version: 6.3.3 KDE Frameworks Version: 6.12.0 Qt Version: 6.8.3
>Like GNOME, the app is shown as WeChat with WeChat's icon. Having gtk4-demo appear as wechat doesn't exactly sound right either! I would bet Gnome devs get bug reports on that too. It's always a tough balance when it comes to security and user-centric goals. Given we support client provided icons anyway, I'm not sure we gain too much from this. > Also without stable window mapping background portal can terminate applications mistakenly Was that something you saw with our portal? I didn't think we did that.
> Having gtk4-demo appear as wechat doesn't exactly sound right either! I would bet Gnome devs get bug reports on that too. It's just a demo that applications inside the sandbox is able make themselves like they're another application's window, aka spoofing .desktop file name, which can be a security issue? > Was that something you saw with our portal? I didn't think we did that. Obsidian sandboxed by portable can be terminated incorrectly if the background permission is disabled.