Hi, there!

Newbie question here: basically, the title. Perhaps what I’m asking is pretty obvious, but I’d like to double-check with the community on this.

I use Discover on my Debian KDE Plasma set-up, with Flatpaks enabled (but not Snaps). Sometimes, I come across apps (I did just yesterday, searching for translation apps to replace DeepL) that have, according to their page, an unknown author and, sometimes, even an unknown licence, but which do require access permission to the whole system (this latter requirement applying specifically to Deb packages, from what I’ve seen).

Under these circumstances, is it safe to assume that such apps will still be safe because of the fact that they appear listed on Discover (in other words, is Discover a guarantee of safety for the apps it shows, as in, some type of checked or proved content), or should I still be wary of potentially malicious software included on it?

Thank you very much in advance :)

  • bootleg@sh.itjust.works
    2 days ago

    First-party stuff from your system package manager (things you install from the official repos with APT) is pretty much guaranteed to be safe. But the Snap Store (which uses snaps instead of flatpaks and is not installed by default on Debian) has unknowingly allowed and distributed malicious apps before. Flathub with flatpaks (which I think is enabled by default on Debian) hasn’t had such issues to this day AFAIK, but I would still be skeptical of stuff I install from there, and just not install apps with the Unverified badge on Flathub.

    In the case of flatpaks, Flathub shows what permissions an app requests and gives it a kind of arbitrary safety level on its page:
    You can click on it to see more information:
    You can also use Flatseal to disallow any flatpak app from having certain permissions that you think it doesn’t deserve having.
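
The permission review described in the comment above can also be done offline on the text printed by `flatpak info --show-permissions <app-id>`. This is an added example, not part of the thread: the sample metadata is constructed, and the lists of "broad" grants are a heuristic assumed for illustration, not Flathub's own rating logic.

```python
import configparser

# Constructed sample in the keyfile format that
# `flatpak info --show-permissions <app-id>` prints.
SAMPLE_METADATA = """\
[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
devices=all;
filesystems=home:ro;xdg-download;!host;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
org.freedesktop.Notifications=talk
"""

# Heuristic chosen for this example (assumption, not Flathub's rules).
BROAD_FILESYSTEMS = {"host", "host-os", "host-etc", "home"}
BROAD_DEVICES = {"all"}
ESCAPE_BUS_NAMES = {"org.freedesktop.Flatpak"}  # can start unsandboxed commands


def _items(parser, section, key):
    """Split a ';'-separated keyfile value into its entries."""
    raw = parser.get(section, key, fallback="")
    return [v.strip() for v in raw.split(";") if v.strip()]


def broad_grants(metadata_text):
    """Return the permissions that largely defeat the Flatpak sandbox."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep the case of D-Bus names
    parser.read_string(metadata_text)
    findings = []
    for entry in _items(parser, "Context", "filesystems"):
        if entry.startswith("!"):  # negated entry: access is removed
            continue
        path = entry.partition(":")[0]  # drop a :ro / :rw / :create suffix
        if path in BROAD_FILESYSTEMS:
            findings.append(f"filesystem={entry}")
    for entry in _items(parser, "Context", "devices"):
        if entry in BROAD_DEVICES:
            findings.append(f"device={entry}")
    if parser.has_section("Session Bus Policy"):
        for name, policy in parser.items("Session Bus Policy"):
            if name in ESCAPE_BUS_NAMES and policy in ("talk", "own"):
                findings.append(f"session-bus={name}:{policy}")
    return findings


if __name__ == "__main__":
    for finding in broad_grants(SAMPLE_METADATA):
        print("review before installing:", finding)
```

A grant flagged this way can be revoked per app with `flatpak override --user --nofilesystem=home <app-id>`, which is the kind of override Flatseal manages through its GUI.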