You need to think about the background problem here.
When Google made Android, it was web based. Their “perfect sandbox” ironically has no internet toggle. They won tons of marketshare, and iOS is not different here, both restrict apps to containers and have permission systems to reach out of these containers to access sensors, files and other data.
Desktop operating systems are way older and have no such concept. We have mandatory access control with SELinux and Apparmor, but those are (I think) more complicated than Flatpak.
Flatpak is a solution for multiple problems of Desktop Linux Apps at once.
isolate apps with a real permission system
make apps run anywhere
have a single platform to target, so we dont need packagers anymore (for most GUI apps) and can file bugs upstream
separating apps from the system: stable distros can have modern apps (similar to Windows) and Apps dont affect the stability of the OS at all. Also config files of such apps are in their container, not bloating your “oh so good xdg basedir”
These are all extremely important points for a healthy, modern and secure Linux Desktop.
But there are also issues to every point:
most apps are not adapted to this model, which means they need broad static permissions like Pulseaudio, home or even host, allowing surveillance or trivial (even documented) privilege escalation. This is basically how apps like Flatseal work. Pulseaudio has no portal, do apps can listen to your mic whenever they want.
Apps that “run everywhere” will not have distro-specific optimizations. The system needs to run on old LTS kernels to be universal, which means you miss out on tons of optimizations. Developers could just not care, but this depends on the app.
Flatpak is more complicated than Snap (or even Appimage, if you leave the manual signing, monitoring vulnerable libraries and having a manual repo out). So it is not a great experience for “the Linux packaging model”. GNOME Builder is a good IDE for it but afaik only for GTK apps.
No issues here. This is the core princible of “immutable” distros like Fedora Atomic Desktops.
If you have issues with flatpaks, you need to be more specific. Maybe it is a packaging issue, or you expect an app to do stuff that is not
You need to be more specific.
You need to think about the background problem here.
When Google made Android, it was web based. Their “perfect sandbox” ironically has no internet toggle. They won tons of marketshare, and iOS is not different here, both restrict apps to containers and have permission systems to reach out of these containers to access sensors, files and other data.
Desktop operating systems are way older and have no such concept. We have mandatory access control with SELinux and Apparmor, but those are (I think) more complicated than Flatpak.
Flatpak is a solution for multiple problems of Desktop Linux Apps at once.
These are all extremely important points for a healthy, modern and secure Linux Desktop.
But there are also issues to every point:
home
or evenhost
, allowing surveillance or trivial (even documented) privilege escalation. This is basically how apps like Flatseal work. Pulseaudio has no portal, do apps can listen to your mic whenever they want.If you have issues with flatpaks, you need to be more specific. Maybe it is a packaging issue, or you expect an app to do stuff that is not