In defense of this warning, when I first put my application on Flathub, I had it because of how file i/o worked (didn't support XDG portals, so needed home folder access to save properly). It did actually motivate me to get things working with portals to not request the extra permissions and get the green "safe" marker.

A lot of apps will always be "unsafe" because they do things that requires hardware access, though, so I could see them wanting something more nuanced.

To be fair, if a naive user is going to get a virus, there's a very high chance a browser will be involved.

I like flatpaks and flathub, but this is just something they do badly. I think as well they also have "probably safe" which is just as unhelpful... And what does "access certain files and folders" even mean!?

I think they should just follow the example of every other app store; list the permissions in an easily understandable list and let the user decide whether or not they are comfortable with it.

If you use Debian-based linux (Ubuntu, Minut, others), Mozilla recommends getting the package directly from their respository rather than flatpak or other repos.

Personally, I saw a major performance increase on my low-powered laptop when I switched from flatpak to the Mozilla package.

https://blog.mozilla.org/en/products/4-reasons-to-try-mozillas-new-firefox-linux-package-for-ubuntu-and-debian-derivatives/

Completely agree. Training normies to click OK on warnings like this is a no-good terrible idea.

This should have been much more well thought out The wording, image, buttons, specific wording for each page.

They really screwed the pooch.

Another 4-6 months minimum before release. But quarterly numbers must be met.

In my opinion, those warnings are not used to help users but to shame developpers for not trully sandboxing and verifying their apps. Developpers know that having this warning will decrease the number of users downloading it. The goal in the long run is to improve app sandboxing and security.

Just reminding folks that just because it's flatpak'd, doesn't mean it's sandboxed. But they probably should add some general click here for more info.

They should be worried. We don't want them comfortable.

So many negative things have entered our culture bc people don't care about dangers. Nearly every app should have a warning

Yes but surely you're aware that even the most new-user-friendly distros and their tools aren't necessarily aimed at new users.

That warning is a perfect example of how Linux developers choose which hill to die on. They post a warning for an app that everyone knows can deliver bad times to two camps of users; those that know and don't care and those that don't understand the warning. If we could quantify the helpfulness of that warning, odds are that it saved 0 users from malicious action from that avenue of attack.

Never expect Linux as a whole to be "helpful" to the new crowd.

Good.

People need to view out of channel software with a hairy eyeball.

Hell, I run Debian all over and it’s absurd that the main repositories don’t do checksums on downloaded packages!

I'm a firm believer that regardless of operating system that a warning message saying that installing something could cause harm to your device definitely makes people think twice about installation if they're not tech savvy (AKA know more than the bare minimum anymore). It's definitely intentional that the large companies responsible scare you away from doing the things you want because they want you locked into doing things the way they want.

those warnings on mint and flathub are so ridiculous, there's no difference between those and official ones, somebody could just as easily put something nefarious in any flatpak

Yesss! It's too aggressive

What does 'user device access' mean?

pretty standard compared to OSs like Android and iOS. i think the mobile OSs, at least recently, have done better at this; they don’t ask for permission until they need it. want to import bookmarks? i need file system access for that. want to open your webcam? i need device access. doing it all upfront leads to all the problems mentioned in this thread: unclear as to why, easy to forget what access you’ve given, no ability to deny a subset of options, etc.

Yes, but also... It's true. Browsers are the number one way folks get viruses.

To be fair, the fact that browsers are allowed to do so much that this warning has to be shown is more an indictment on the current state of browsers (which at this point are almost like installing VMWare and a virtual machine on your computer!) than on something something Firefox or something something Flatpak.