Flatpak Permission Survey | Eric Anderson

  • Flatpak Permission Survey on March 3, 2024:

    • Found 2020 flatkill.org post and TheEvilSkeleton response while working on yesterday’s post, with the response being hopeful.
    • Focused more on productivity applications and on those worth comparing between the distro package and the Flatpak. Biggest concern is that 27 out of 50 popular applications lack --filesystem=host or --filesystem=home.
  • Popular Applications on Flathub:

    • From the first page of popular, top 30 sorted by popularity.
    • Columns show Verified (packager's blue check), Security (sandbox permission badge color), and Concerning permissions (selected by the author).
    • Examples include Google Chrome with various concerning permissions, most apps having --share=network and many having --device=all or --filesystem=host.
    • Noticed --talk-name not shown on Flatpak website and that some permission combinations are not serious without sandbox escape.
    • Minor concern about --metadata=X-DConf=migrate-path= not being listed.
  • Author's Programs of Interest:

    • Programs looked at for yesterday's post with a few additions, mostly GNOME/GTK with oddballs.
    • Sorted by name, with columns showing Verified, Security, and Concerning permissions.
    • Some have --share=network without other problematic permissions, and most of those missing it have a trivial sandbox escape.
    • In this set, only Characters is considered safe with the current information.
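
The permission columns described above can be reproduced locally from an app's metadata. The script below is an added example, not code from the original post: it reads the keyfile text printed by `flatpak info --show-metadata <app-id>` and reports the grants the survey lists as concerning, plus the session-bus names that the post notes are not shown on the website. The sample metadata and the app id `org.example.Editor` are constructed for illustration.

```python
import configparser

# Constructed sample in the keyfile format printed by
# `flatpak info --show-metadata <app-id>`; org.example.Editor is hypothetical.
SAMPLE = """\
[Application]
name=org.example.Editor

[Context]
shared=network;ipc;
sockets=wayland;fallback-x11;
devices=dri;
filesystems=home:ro;xdg-download;!host;

[Session Bus Policy]
org.freedesktop.Notifications=talk
org.example.Editor=own
"""

# [Context] key -> (command-line flag, values the survey calls out)
CONCERNING = {
    "shared": ("share", {"network"}),
    "devices": ("device", {"all"}),
    "filesystems": ("filesystem", {"host", "home"}),
}

def audit(metadata_text):
    """Return the concerning grants in a metadata file as command-line style flags."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # D-Bus names are case-sensitive
    cp.read_string(metadata_text)
    findings = []
    context = cp["Context"] if cp.has_section("Context") else {}
    for key, (flag, bad) in CONCERNING.items():
        for value in context.get(key, "").split(";"):
            # "home:ro" still exposes the tree read-only; "!host" is a revocation
            if value.split(":", 1)[0].strip() in bad:
                findings.append(f"--{flag}={value.strip()}")
    # Session-bus names are the grants the post says the website does not show
    if cp.has_section("Session Bus Policy"):
        for name, policy in cp["Session Bus Policy"].items():
            if policy in ("talk", "own"):
                findings.append(f"--{policy}-name={name}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```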