
Sandboxing on the Linux desktop is far from common and Flatpak security is kind of a joke [1] [2], unless something changed recently. For starters, it's the application that has to ask to be sandboxed, so if I were to make a malicious flatpak I would just ask for full file system access or D-Bus.

[1]: https://flatkill.org/
[2]: https://hanako.codeberg.page/

I agree the flatpak defaults are not at all secure, as they often let the developer choose what to sandbox. I think this is fair, but the user has recourse: you can globally block all installed flatpaks from having access to a specific resource, even if the app "requests" it.

All my apps by default have no /home and no network access. I do this by writing to .local/share/flatpak/overrides/global (per user) or /var/lib/flatpak/overrides/global for the system. I wish this was publicized more. The de facto app for flatpak permissions, Flatseal, doesn't have this capability yet to my knowledge.
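The global override described in this comment, written out as an added example (not code from the thread): the script writes a keyfile that revokes home-directory and network access for every installed app and then checks the file says what was intended. The directory argument is an assumption so the script can be exercised against a temporary directory; the real paths are the per-user and system-wide overrides directories named above.

```shell
#!/bin/sh
# Added example. Writes a global flatpak override keyfile into "$1"
# (assumed parameter; the real locations are ~/.local/share/flatpak/overrides
# for a user and /var/lib/flatpak/overrides for the system).
write_global_override() {
    dir="$1"
    mkdir -p "$dir"
    # Keyfile format used by `flatpak override`: a leading '!' revokes a
    # permission the app's own manifest would otherwise grant.
    cat > "$dir/global" <<'EOF'
[Context]
shared=!network;
filesystems=!home;
EOF
}

# Return 0 if the override file revokes ITEM under KEY, e.g.
#   override_revokes "$dir" filesystems home
# Returns 1 when the file is missing or the item is not revoked.
override_revokes() {
    file="$1/global"; key="$2"; item="$3"
    [ -r "$file" ] || return 1
    # Take the key's value, split on ';', and look for the negated item.
    sed -n "s/^$key=//p" "$file" | tr ';' '\n' | grep -qx "!$item"
}

# The same file can be produced with the CLI, with no app id so that the
# override applies to all apps:
#   flatpak override --user --nofilesystem=home --unshare=network
# Effective permissions of an installed app can then be inspected with
#   flatpak info --show-permissions <app-id>

# Demo against a constructed temporary directory.
tmp=$(mktemp -d)
write_global_override "$tmp"
override_revokes "$tmp" filesystems home && echo "home access revoked"
override_revokes "$tmp" shared network && echo "network access revoked"
rm -rf "$tmp"
```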


> For starters, it's the application that has to ask to be sandboxed

Are you sure about this? My belief was that all flatpak apps run inside a bubblewrap (bwrap) sandbox. I just checked and that's exactly how it runs for me.

> so if I were to make a malicious flatpak I will just ask for full file system access or d-bus.

This is done at install time. The application inside the flatpak can't change it on its own. Reputed repositories like Flathub check the permissions and flag them if they are too broad. And you can also change it using something like FlatSeal. This is almost the same permissions model followed by Android.


Flatkill is very out of date and disingenuous. Flathub is very explicit and obnoxious about such unsafe permissions and can easily be modified by the user. It's also amusing that people here claim Wayland is a security theater too while posting about flatpak being bad because it's vulnerable to x11 issues.

No security boundary can prevent bad permissions just like in android.


> It's also amusing that people here claim Wayland is a security theater too while posting about flatpak being bad because it's vulnerable to x11 issues.

They both create an illusion of safety. We all know that X.org had no security model and it sucks. Wayland put restrictions that would make sense if the rest of the desktop ecosystem was made with security in mind, but it wasn't. I've heard way too many claims like "Wayland makes keyloggers impossible" that are technically true but irrelevant in the real world, because a desktop environment is not just Wayland.

Flatpak is also misleading and its sandboxing is just not great, regardless of the problem with X11.

> No security boundary can prevent bad permissions just like in android.

Good bringing this up: in Android the applications ask the user for permissions; in Flatpak permissions are granted based on what the developer asked for. That's just bad.


> applications ask the user for permissions

Such portals exist for some permissions like screen sharing, and others are planned.

