Open Store's warning sucks big. Can we have a "Safe Store"?

Photojoe4

So, you can't be trusted to not download an app that you've been warned about? One of the things that appeals to me most about using a Linux system (phone or computer) is that it puts ownership back in the hands of the user- if you break your system YOU can fix it. And luckily there's also a great community that will help you if it does break

MarkG_108

@Photojoe4 Whether or not I (or anyone) decides to take risks is fine. But there should be a safe option for downloads as well. With Debian, there's "stable", "testing", and "sid" (aka unstable). Many choose not to install packages from "sid" and stick with "stable", to remain more safe.
In this case, with Open Store, there only seems to be one option, that being the potentially system breaking, performance reducing spying option. Where's the stable option?

TotalSonic

@MarkG_108 said in Open Store's warning sucks big. Can we have a "Safe Store"?:

@Photojoe4 Whether or not I (or anyone) decides to take risks is fine. But there should be a safe option for downloads as well. With Debian, there's "stable", "testing", and "sid" (aka unstable). Many choose not to install packages from "sid" and stick with "stable", to remain more safe.
In this case, with Open Store, there only seems to be one option, that being the potentially system breaking, performance reducing spying option. Where's the stable option?

The descriptions in the Open Store tells you exactly what permissions every single app requires. Once again - the vast majority of apps within the Open Store are confined. Once again - if an app is unconfined it is explicitly made known. YOU can choose which ones you want to install.

As for Ubuntu Touch OS itself - there is indeed a Stable channel, a Release Candidate channel (which receives tested weekly updates, and which I use with no problems for my daily driver device), a Developer channel (which receives mostly tested daily updates, but can once in a while have some regressions), and an "Edge" channel (which uses untested bleeding edge stuff).

Best regards,
Steve Berson

MarkG_108

@TotalSonic You're correct Steve. The OS, with the basic apps, comes with these options. Still, the apps store just being one group with such an ominous warning is...well...it is what it is, I suppose.

TotalSonic

If they were honest - both Google Play Store and Apple iOS App Store would come with gigantic ominous warnings for tons of apps as well - but they don't, even though you have way more to be concerned from the likes of them. I appreciate the blunt frankness, that UBports gives instead.

Best regards,
Steve Berson

Lakotaubp

@MarkG_108 On a different note I have taken the liberty to alter one of the words in your question. Can we please not use swear words on the Forum. Thank you

arubislander

@hummlbach said in Open Store's warning sucks big. Can we have a "Safe Store"?:

Maybe a switch in the settings to hide unconfined apps would suit your needs?

I cannot speak to the needs of the OP, but he above suggestion does seem to go a long way to addressing the concerns raised. If the OP agrees maybe they could submit a feature request to this effect against the OpenStore?

Emphrath

@MarkG_108 stable doesn't mean safe . It means stable. By the way Debian is one of the oldest GNU projects out there and there's no way one can compare such an open source mastodon, with tens of hundreds of contributors over decades, to sth as young as ut - which yet vastly benefits from debian code, but not yet from its whole community !

bhdouglass

@MarkG_108 I've created an issue to improve the user experience around this popup and unconfined apps: https://gitlab.com/theopenstore/openstore-meta/issues/249

dobey

@MarkG_108 With Debian, given your example, there is no safe option. In fact, by definition, every .deb will be less safe than all unconfined clicks, because every time you install a debian package, you are giving its creator full root superuser access to your system. With .click packages, especially on UT, they still cannot directly install files into any place in the system, nor do they get to provide pre/post install/remove scripts which are run as root user. Even the most unconfined .click is still significantly more confined than any .deb package is.

Granted, yes, the language in the warning is perhaps a bit scary, and shouldn't be the first thing seen, only once when opening the app, but at least you get some warning. With traditional PC Linux distributions, you get no warning. You only have the implied trust and assumption that the software you're running won't (or maybe can't, depending on one's level of understanding) do anything harmful. But that is simply a lack of understanding, and nobody having told you of the possible breaches of trust that can happen.

dobey

@TotalSonic said in Open Store's warning sucks big. Can we have a "Safe Store"?:

If they were honest - both Google Play Store and Apple iOS App Store would come with gigantic ominous warnings for tons of apps as well - but they don't

Well, they do, but the wording isn't scary, and you need to understand the permissions systems to be able to understand what's being asked for when installing apps; but people aren't taught to understand this.

Also, the Ubuntu Touch security model is largely based on what iOS does here, so they are quite close, though I don't think iOS has an unconfined profile like we do.