Every article tag can be clicked to get a list of all articles in that category. Every article tag also has an RSS feed! You can customize an RSS feed too!
We do often include affiliate links to earn us some pennies. See more here.

After repeatedly suffering issues with scam apps making it onto the Snap Store, Canonical maker of Ubuntu Linux have now decided to manually look over submissions.

I've covered the issues with the Snap Store a few times now like on March 19th when ten scam crypto apps appeared, got taken down and then reappeared under a different publisher. Also earlier back in February there was an issue where a user actually lost their wallet as a result of a fake app. Multiple fake apps were also put up back in October last year as well, so it was a repeating issue that really needed dealing with properly.

So to try and do something about it, Canonical's Holly Hall has posted on their Discourse forum about how "The Store team and other engineering teams within Canonical have been continuously monitoring new snaps that are being registered, to detect potentially malicious actors" and that they will now do manual reviews whenever people try to register "a new snap name".

On top of that soon they will also be releasing a new policy regarding "crypto-wallet and other sensitive snaps" with "guidelines for how to publish such a snap". Currently all of this is not supposed to be long-term, as it's an evolving situation.

Hopefully this will begin to put an end to scam apps making it into the Snap Store and onto machines running Ubuntu and any other Linux distribution that enables Snap packages.

Article taken from GamingOnLinux.com.
11 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
21 comments
Page: 1/2»
  Go to:

Szkodnix Mar 28
Took them long enough
popey Mar 28
Finally.
elmapul Mar 28
"Canonical maker of Ubuntu Linux have now decided to manually look over submissions."
wait isnt that the reason why we have repos in the first place?
if no one is looking at the code what is the point?
Kimyrielle Mar 28
I guess curated app-stores are more secure if they're actually curated?
I still don't understand why anyone would expect things to do with crypto not to steal your money. Seems like normal expected behaviour to me.
pete910 Mar 28
View PC info
  • Supporter Plus
Or all the distros could just go back to ya know, the method of the signed packages it the repos

Instead of reinventing the wheel three times !
pilk Mar 28
I'm glad they're finally doing this, but this should've been implemented, at the very least, after the first time this happened.
redneckdrow Mar 28
Or all the distros could just go back to ya know, the method of the signed packages it the repos

Instead of reinventing the wheel three times !

Amen! Amen! Amen!

Now, to paraphrase from that movie, I need to get some food in my Methodist stomach!
I'm glad they're finally doing this, but this should've been implemented, at the very least, after the first time this happened.
In 2018?
Geppeto35 Mar 29
Snap in three drawings
!snap
CyborgZeta Mar 29
No offense to people who like cryptocurrency, but I remain highly distrustful of crypto.
  • Supporter Plus
Liam has been waiting a long time to be able to put "Oh Snap!" in his headline for snap apps.
hardpenguin Mar 29
Shame on them, they should have done that from the very beginning.
No offense to people who like cryptocurrency, but I remain highly distrustful of crypto.
I don't understand why. Crypto's value is just as reliable as any other traded commodity with neither any inherent value whatsoever nor any institutional backing. And it has no more scammers than anything else completely dependent on a get-rich-quick mentality to keep it afloat.


Last edited by Purple Library Guy on 29 March 2024 at 5:47 pm UTC
redneckdrow Mar 30
No offense to people who like cryptocurrency, but I remain highly distrustful of crypto.
I don't understand why. Crypto's value is just as reliable as any other traded commodity with neither any inherent value whatsoever nor any institutional backing. And it has no more scammers than anything else completely dependent on a get-rich-quick mentality to keep it afloat.

Yup, and its created an internet boom-town more dangerous than Dodge (or should that be Doge) City circa 1883! Even more unregulated than the cattle trade circa 1883 too!
sprocket Mar 30
Long overdue.

This issue (malicious software that is freely available) is precisely why you do not grant your users nearly unchecked access to repositories, and why 3rd party repositories are a dangeous thing.

For the record, this also applies to the Arch AUR, Ubuntu PPAs, Fedora COPR and RPMFusion, OpenSUSE OBS, and even Flathub.


Last edited by sprocket on 30 March 2024 at 3:25 pm UTC
Canonical in 2014: Ah Linux is too niche, we do not need any kind of review how bad can it be?

Canonical in 2024: Oh Snap!
slaapliedje Mar 31
Canonical in 2014: Ah Linux is too niche, we do not need any kind of review how bad can it be?

Canonical in 2024: Oh Snap!
No software distribution model is perfect... that being said, the Snap Store has had this happen continually for more than 5 years. You know what happened after the repos for Debian and RH were compromised? They locked that down, created new ways to sign packages, enforced the build servers to sign everything and do some automated checking for things, etc. That is the correct response to something like this. Canonical waiting so long to, 'oh, I suppose we should check these, eh?' is pretty sad state of affairs.
Zelox Apr 1
Damage is already done, and it’s a bit too late.
There can still be harmful apps in the snap store, but I feel that this is there last chance. If any harmful app appears again in the store even with manual reviews, it’s over.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register