Not the first time this has happened, but recently the Snap store from Canonical hosted a scam bitcoin app that claimed to be Exodus wallet that caused a user to lose money.
People download and run completely opaque AppImages from god knows where and that’s better than Snap Store which is hit with malicious apps so rarely it’s actual news
Flatpak also has a system where any scammer and malicious developer can just roll their own flatpak repo and voila, nobody can stop them. If it ever becomes mainstream, it’ll be a shit show worse than Google Play
Anyone can create an apt repo and the override your system packages with new versions.
At least with flatpak only the applications you installed from the bad actor’s repo would be affected, though obviously they can still have a ton of malicious dependencies
People download and run completely opaque AppImages from god knows where and that’s better than Snap Store which is hit with malicious apps so rarely it’s actual news
Flatpak also has a system where any scammer and malicious developer can just roll their own flatpak repo and voila, nobody can stop them. If it ever becomes mainstream, it’ll be a shit show worse than Google Play
You’re pretty much just rehashing a possible apt repo “vulnerability,” but at least with flatpak they remember where each package was installed from.
What?
Anyone can create an apt repo and the override your system packages with new versions.
At least with flatpak only the applications you installed from the bad actor’s repo would be affected, though obviously they can still have a ton of malicious dependencies
This does not invalidate anything I’ve said
I wasn’t trying to, just pointing out that it was nothing new