UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Open Store's warning sucks big. Can we have a "Safe Store"?

    Scheduled Pinned Locked Moved General
    16 Posts 9 Posters 1.6k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
      Reply
      • Reply as topic
      Log in to reply
      This topic has been deleted. Only users with topic management privileges can see it.
      • M Offline
        MarkG_108 @Photojoe4
        last edited by

        @Photojoe4 Whether or not I (or anyone) decides to take risks is fine. But there should be a safe option for downloads as well. With Debian, there's "stable", "testing", and "sid" (aka unstable). Many choose not to install packages from "sid" and stick with "stable", to remain more safe.
        In this case, with Open Store, there only seems to be one option, that being the potentially system breaking, performance reducing spying option. Where's the stable option?

        TotalSonicT E dobeyD 3 Replies Last reply Reply Quote 0
        • TotalSonicT Offline
          TotalSonic @MarkG_108
          last edited by

          @MarkG_108 said in Open Store's warning sucks big. Can we have a "Safe Store"?:

          @Photojoe4 Whether or not I (or anyone) decides to take risks is fine. But there should be a safe option for downloads as well. With Debian, there's "stable", "testing", and "sid" (aka unstable). Many choose not to install packages from "sid" and stick with "stable", to remain more safe.
          In this case, with Open Store, there only seems to be one option, that being the potentially system breaking, performance reducing spying option. Where's the stable option?

          The descriptions in the Open Store tells you exactly what permissions every single app requires. Once again - the vast majority of apps within the Open Store are confined. Once again - if an app is unconfined it is explicitly made known. YOU can choose which ones you want to install.

          As for Ubuntu Touch OS itself - there is indeed a Stable channel, a Release Candidate channel (which receives tested weekly updates, and which I use with no problems for my daily driver device), a Developer channel (which receives mostly tested daily updates, but can once in a while have some regressions), and an "Edge" channel (which uses untested bleeding edge stuff).

          Best regards,
          Steve Berson

          M 1 Reply Last reply Reply Quote 1
          • M Offline
            MarkG_108 @TotalSonic
            last edited by

            @TotalSonic You're correct Steve. The OS, with the basic apps, comes with these options. Still, the apps store just being one group with such an ominous warning is...well...it is what it is, I suppose.

            1 Reply Last reply Reply Quote 0
            • TotalSonicT Offline
              TotalSonic
              last edited by

              If they were honest - both Google Play Store and Apple iOS App Store would come with gigantic ominous warnings for tons of apps as well - but they don't, even though you have way more to be concerned from the likes of them. I appreciate the blunt frankness, that UBports gives instead.

              Best regards,
              Steve Berson

              dobeyD 1 Reply Last reply Reply Quote 0
              • LakotaubpL Offline
                Lakotaubp @MarkG_108
                last edited by

                @MarkG_108 On a different note I have taken the liberty to alter one of the words in your question. Can we please not use swear words on the Forum. Thank you

                1 Reply Last reply Reply Quote 2
                • arubislanderA Offline
                  arubislander @hummlbach
                  last edited by

                  @hummlbach said in Open Store's warning sucks big. Can we have a "Safe Store"?:

                  Maybe a switch in the settings to hide unconfined apps would suit your needs?

                  I cannot speak to the needs of the OP, but he above suggestion does seem to go a long way to addressing the concerns raised. If the OP agrees maybe they could submit a feature request to this effect against the OpenStore?

                  πŸ‡¦πŸ‡Ό πŸ‡³πŸ‡± πŸ‡ΊπŸ‡Έ πŸ‡ͺπŸ‡Έ
                  Happily running Ubuntu Touch
                  Google Pixel 3a (20.04 DEV)
                  JingPad (24.04 preview)
                  Meizu Pro 5 (16.04 DEV)

                  1 Reply Last reply Reply Quote 0
                  • E Offline
                    Emphrath @MarkG_108
                    last edited by

                    @MarkG_108 stable doesn't mean safe . It means stable. By the way Debian is one of the oldest GNU projects out there and there's no way one can compare such an open source mastodon, with tens of hundreds of contributors over decades, to sth as young as ut - which yet vastly benefits from debian code, but not yet from its whole community !

                    1 Reply Last reply Reply Quote 0
                    • bhdouglassB Offline
                      bhdouglass
                      last edited by

                      @MarkG_108 I've created an issue to improve the user experience around this popup and unconfined apps: https://gitlab.com/theopenstore/openstore-meta/issues/249

                      open-store.io && bhdouglass.com

                      1 Reply Last reply Reply Quote 1
                      • dobeyD Offline
                        dobey @MarkG_108
                        last edited by

                        @MarkG_108 With Debian, given your example, there is no safe option. In fact, by definition, every .deb will be less safe than all unconfined clicks, because every time you install a debian package, you are giving its creator full root superuser access to your system. With .click packages, especially on UT, they still cannot directly install files into any place in the system, nor do they get to provide pre/post install/remove scripts which are run as root user. Even the most unconfined .click is still significantly more confined than any .deb package is.

                        Granted, yes, the language in the warning is perhaps a bit scary, and shouldn't be the first thing seen, only once when opening the app, but at least you get some warning. With traditional PC Linux distributions, you get no warning. You only have the implied trust and assumption that the software you're running won't (or maybe can't, depending on one's level of understanding) do anything harmful. But that is simply a lack of understanding, and nobody having told you of the possible breaches of trust that can happen.

                        1 Reply Last reply Reply Quote 0
                        • dobeyD Offline
                          dobey @TotalSonic
                          last edited by

                          @TotalSonic said in Open Store's warning sucks big. Can we have a "Safe Store"?:

                          If they were honest - both Google Play Store and Apple iOS App Store would come with gigantic ominous warnings for tons of apps as well - but they don't

                          Well, they do, but the wording isn't scary, and you need to understand the permissions systems to be able to understand what's being asked for when installing apps; but people aren't taught to understand this.

                          Also, the Ubuntu Touch security model is largely based on what iOS does here, so they are quite close, though I don't think iOS has an unconfined profile like we do.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post