This leads to a false sense of security. A notable issue I found is if you disallow network access to a flatpak, it can still talk to the portal and tell it to open a link in your browser. This allows it to communicate back to a server through your browser even though you disallowed it. Very terrible.
Security should to be dead easy and difficult to mess up. The countless threads I’ve read on flatpak tell me the communication about flatpak’s actual security has been quite terrible, and so it doesn’t fit this category.
My biggest gripe with flatpak is the fact it isn’t sandboxed properly by default.
I’m not referring to vendor-given privileges. Every flatpak, unless explicitly ran with the –sandbox option, has a hole in the sandbox to communicate with the portal. Even if you try to use flatseal to disallow it, it will still be silently allowed.
This leads to a false sense of security. A notable issue I found is if you disallow network access to a flatpak, it can still talk to the portal and tell it to open a link in your browser. This allows it to communicate back to a server through your browser even though you disallowed it. Very terrible.
Security should to be dead easy and difficult to mess up. The countless threads I’ve read on flatpak tell me the communication about flatpak’s actual security has been quite terrible, and so it doesn’t fit this category.