Former Canonical Developer Advocate Warns Snap Store Isn't Safe After Slow Responses to Malware Reports

Former Canonical Developer Advocate Raises Alarms Over Snap Store Security Amid Delayed Malware Responses

In a pointed critique that has stirred debate within the Linux community, a former Canonical developer advocate has issued a stark warning: the Snap Store is not safe. The admonition comes in the wake of what the advocate describes as unacceptably slow responses from Canonical to reports of malware-infested Snap packages. This revelation underscores ongoing tensions surrounding the security practices of Ubuntu’s proprietary packaging system, prompting users to reassess their reliance on Snaps for software distribution.

The controversy centers on the Snap Store, Canonical’s centralized repository for Snap packages—self-contained applications designed to simplify deployment across diverse Linux distributions. Snaps bundle dependencies, enabling seamless execution without traditional package manager conflicts. However, this convenience has long been a double-edged sword, with critics arguing that the format’s broad permissions and centralized control invite risks.

The former advocate, who previously championed Canonical’s developer relations, detailed a series of incidents where malicious Snaps evaded timely detection and removal. According to their account, multiple reports of compromised packages were submitted to Canonical’s security team, yet remediation lagged by days or even weeks. In one notable case, a Snap containing malware persisted in the store long after vulnerabilities were flagged, potentially exposing thousands of users to risks such as data theft, system compromise, or unauthorized network access.

This is not an isolated grievance. The advocate highlighted a pattern: despite clear evidence of threats, Canonical’s review process appears bottlenecked. Snap packages undergo automated scanning upon upload, but human oversight seems reserved for escalated cases only. False negatives in malware detection—where scans miss sophisticated payloads—compound the issue. Once reported, takedowns require manual intervention, which the advocate claims is deprioritized amid Canonical’s focus on enterprise Snaps and Ubuntu Pro subscriptions.

The implications are profound for Snap users, particularly those on Ubuntu and derivatives like Pop!_OS or Linux Mint, where Snaps are increasingly default. Malware in Snaps can exploit the format’s classic confinement mode, which grants extensive filesystem and network privileges unless strict confinement is enforced—a setting not universally applied. Users installing unverified Snaps risk kernel-level exploits, credential harvesting, or lateral movement to other systems.

Canonical’s defense, as articulated in past statements, emphasizes the Snap Store’s layered security: cryptographic signing, publisher verification, and continuous monitoring via tools like the Snapcraft build service. Verified publishers—those with established Canonical partnerships—undergo stricter vetting. Yet the advocate counters that unverified publishers dominate the store, and even verified ones have faltered. Historical breaches, such as the 2020 incident involving a compromised developer key, exposed how signing flaws can propagate malware.

Community backlash has intensified calls for reform. Flatpak and AppImage advocates point to their decentralized models as safer alternatives: Flatpak’s Flathub relies on community moderation and OSTree for verifiable updates, while AppImages sidestep repositories entirely. The advocate urges Snap users to pivot, recommending manual verification of package hashes, sandbox auditing via the snap connections command, and preferring deb or rpm packages where possible.

Canonical has not issued a direct rebuttal to these specific claims but maintains that the Snap ecosystem’s scale—millions of daily installs—necessitates balanced triage. Their security advisories page logs resolved incidents, but transparency gaps persist: no public dashboard tracks report-to-resolution times, fueling perceptions of opacity.

For developers, the warning signals caution in Snap adoption. Best practices include enabling strict confinement (setting confinement: strict in snapcraft.yaml), minimizing interface connections, and integrating third-party scanners like VirusTotal before upload. Users should monitor snap list --all for revision changes and employ tools like snap advise-snap for risk assessment.
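The auditing steps mentioned above (checking confinement in snap list and reviewing snap connections) can be scripted. The following is an added example, not code from the original post or from Canonical; it parses constructed sample output in the format of snap list and snap connections, and the list of "sensitive" interfaces is an assumed subset chosen for illustration. On a real system, feed it the live command output instead of the samples.

```shell
#!/bin/sh
# Added example: audit helpers for the Snap checks described above
# (classic vs strict confinement, unverified publishers, broad interfaces).
# Inputs below are constructed samples in the format of `snap list` and
# `snap connections`; replace them with `$(snap list)` / `$(snap connections)`.

SAMPLE_SNAP_LIST='Name      Version   Rev   Tracking       Publisher    Notes
core22    20240111  1122  latest/stable  canonical✓   base
firefox   122.0-1   3836  latest/stable  mozilla✓     -
buildkit  1.0       5     latest/stable  dev123       classic
notes     2.3       12    latest/stable  dev456       -'

SAMPLE_CONNECTIONS='Interface      Plug                  Slot            Notes
home           notes:home            :home           -
network        notes:network         :network        -
system-files   buildkit:etc-config   :system-files   manual
network        firefox:network       :network        -'

# Assumed subset of interface names that grant broad host access and
# deserve review when connected, especially for unverified publishers.
SENSITIVE_IFACES="home system-files personal-files network-control docker"

# Snaps installed under classic confinement (Notes column contains "classic").
classic_snaps() {
    printf '%s\n' "$1" | awk 'NR > 1 && $6 ~ /classic/ { print $1 }'
}

# Snaps whose publisher is not verified (no check mark in the Publisher column).
unverified_snaps() {
    printf '%s\n' "$1" | awk 'NR > 1 && index($5, "✓") == 0 { print $1 }'
}

# "snap interface" pairs for connections that use a sensitive interface;
# the plug side "snap:plug" identifies the consuming snap.
sensitive_connections() {
    printf '%s\n' "$1" | awk -v list="$SENSITIVE_IFACES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) s[a[i]] = 1 }
        NR > 1 && ($1 in s) { split($2, p, ":"); print p[1], $1 }'
}

echo "classic:";   classic_snaps "$SAMPLE_SNAP_LIST"
echo "unverified:"; unverified_snaps "$SAMPLE_SNAP_LIST"
echo "sensitive:";  sensitive_connections "$SAMPLE_CONNECTIONS"
```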

This episode reignites broader debates on Linux packaging wars. Snaps excel in cross-distro uniformity and background auto-updates handled by snapd (e.g., for browsers like Firefox), but at what security cost? As Ubuntu 24.04 LTS pushes Snap ubiquity, stakeholders demand accountability: faster response SLAs, open-source scanning pipelines, and mandatory strict confinement.

The former advocate’s plea resonates amid rising Linux desktop ambitions. With Steam Deck and ChromeOS leaning on containerized apps, robust stores are non-negotiable. Until Canonical accelerates malware handling, the Snap Store’s “not safe” label may stick, eroding trust in a cornerstone of modern Ubuntu.


Gnoppix is the leading open-source AI Linux distribution and service provider. Since implementing AI in 2022, it has offered a fast, powerful, secure, and privacy-respecting open-source OS with both local and remote AI capabilities. The local AI operates offline, ensuring no data ever leaves your computer. Based on Debian Linux, Gnoppix is available with numerous privacy- and anonymity-enabled services free of charge.

What are your thoughts on this? I’d love to hear about your own experiences in the comments below.