Canonical's Snap Store Hit By Malicious Apps

  • Canonical's Snap Store Hit By Malicious Apps

    Phoronix: Canonical's Snap Store Hit By Malicious Apps

    Stemming from reports of several fake crypto apps appearing in Canonical's Snap Store that aimed to steal user funds, temporary restrictions have been put in place while Canonical investigates the security matter...

  • #2
    Oh, I can't wait for the civil and mature comments. I'm off for my popcorn!


    • #3
      Originally posted by Adihash
      lol all ubuntu and snap haters in 3 2 1...

      In reality all those who had problems have themselves to blame. They decided to install stuff without researching. Greed kills
      I don't know exactly how and which packages were bad, but if one goes to the official store one should, somehow, expect that the contributor called in the same way (or very similar) as an official software producer did in fact make that snap.


      • #4
        This isn't the first time the Snap store had something malicious in it (it already had malware a few years ago). While on Flathub, published apps are reviewed by the Flathub community, on Snap Store they're reviewed solely by Canonical. Since Flathub never had such incidents but Snap store did, what's the conclusion of all of this? That Canonical is incompetent / untrustworthy in reviewing apps and that only reinforces the argument of "Snap haters", that the proprietary backend of Snaps is a big flaw.

        Btw, why in the world has Canonical even allowed crypto apps in its store?


        • #5
          Aren't snaps supposed to be sandboxed? Or perhaps, users installed wrong apps and gave their passwords?


          • #6
            Originally posted by Volta
            Aren't snaps supposed to be sandboxed? Or perhaps, users installed wrong apps and gave their passwords?
            Having no experience with snaps, would also like to know.


            • #7
              Originally posted by Volta
              Aren't snaps supposed to be sandboxed? Or perhaps, users installed wrong apps and gave their passwords?
              Snap's (or Flatpak's, for that matter) 'sandboxing' is a partially baked idea. It protects against accidental shenanigans, but it's not the greatest against someone who wants to do harm.


              • #8
                Originally posted by Volta
                Aren't snaps supposed to be sandboxed? Or perhaps, users installed wrong apps and gave their passwords?
                It is the latter in this case. A fake app pretended to be the official one and then bad things happened. This kind of attack is a threat to basically all app stores and requires huge manpower to do the manual review for each app. Even Apple does not do this well, but they do require each and every app to be code signed to make it easier to validate the developer's identity.


                • #9
                  Originally posted by Adihash

                  A third possibility is that Ubuntu is the most known desktop distro and thus a primary target for scammers.

                  Don't take me wrong. I love Flatpaks and use them. Avoiding Snaps even when using an Ubuntu-based distro like KDE neon these days. Also think that Canonical should drop Snaps and embrace Flatpaks. But to blame Canonical for some scammers using their portal, that's just ridiculous. It only shows how popular Ubuntu is on the desktop.
                  Nah, I don't think that's because of the distro. It might still be the most used distro, but it's just a side effect of Snap being preinstalled and enabled by default only on Ubuntu. I mean, have you heard about malware that snuck into the Ubuntu repository?

                  I've heard how some Snap lovers / Canonical employees love to boast about the fact that the Snap Store has many more apps than Flathub. But they don't consider the fact that the Snap Store is filled with unmaintained abandonware. This is yet another proof that Canonical does a terrible job in keeping its store secure and in good condition. And again, it's Canonical's fault that it has allowed crypto apps in its store in the first place, even if they were not malicious.
                  Last edited by user1; 30 September 2023, 02:17 PM.


                  • #10
                    Originally posted by Adihash
                    There will always be scams of all sorts and thus end users are ultimately responsible. Especially Linux users should be tech savvy and there is no excuse to install something you did not check before.
                    I was gonna make a joke that somebody was gonna suggest that people should do their own code review of every app they install before installing it because I heard the sentiment on here before. If only I got here faster.

                    Here's the thing though. You definitely don't do that so I don't know how you can have that expectation of everyone else.

                    Even if you don't want to put this all on Canonical, claiming they should have none of the blame is ridiculous. You even started the post with

                    Even if there is a genuine desire to check everything, you just can't
                    So why can't you apply this to the end user? Why does Canonical, the ones hosting the package, get a pass?

                    Now about the fact that it happened with crypto apps... that's just funny lol. Crypto bros seem to love getting fucked over.
