That particular snap is completely empty, so you’re fine. As to the general safety of Snaps: they’re generally safer to install compared to software packages from anywhere other than your distro’s package repositories. The caveat is that if you install a classic snap (such as by specifying --classic on the install command, though the software center/snap store didn’t make it clear last I checked) then it still has full access to your system, where most snaps are confined into a strict sandbox preventing them from crawling all over.
Thanks so much for the reply! That’s reassuring to hear! But what exactly do you mean that snap is empty? How did you check that? And why is it empty?
When I installed the app in software centre it said it was 8kb. So I installed something
By inspecting the content of the snap, you can easily do so by running the snap download _snap_id_ command in the terminal, then run less _snap_id_*.snap to view its content.
For snaps already installed one can find the packages under /var/lib/snapd/snaps or /snap/snap_id/current
Here are the contents of the revision 43 of the snap:
path: "twitterr_43.snap"
name: twitterr
summary: Browse Twitter.com
version: 2.03 -
build-date: 2020-02-26
license: unset
description: |
Use the mobile Twitter experience from the convenience of a desktop
application that works for Windows, macOS, and Linux!
*** Contents:
Parallel unsquashfs: Using 8 processors
3 inodes (3 blocks) to write
drwxr-xr-x root/root 39 2020-02-26 06:29
drwxr-xr-x root/root 32 2020-02-26 06:29 /meta
-rw-r--r-- root/root 259 2020-02-26 06:29 /meta/snap.yaml
drwxr-xr-x root/root 58 2020-02-26 06:29 /snap
-rw-r--r-- root/root 10024 2020-02-26 06:29 /snap/manifest.yaml
-rw-r--r-- root/root 490 2020-02-26 06:29 /snap/snapcraft.yaml
This doesn’t mean that the snap is totally benign, though, as snap apps are automatically updated, and the superseded old snap revision may contain something else than the current one.
I think this is another case for the proposals here Feature request: Allow user to flag snaps as out-of-date
An app on the store with hundreds of users for over a year, and it literally has no functionality. It reflects poorly on the snapcraft store and is confusing for the users.
For snaps under strict confinement it is confined according to the snap recipe’s declared permissions (we call them interfaces, or plugs) and the store’s own policy (critical permissions are gatekept by the store staff to avoid abuse); one can inspect the snap/manifest.yaml file in the snap to determine which permissions the snap requests, and which are actually granted (connected) by the system via the snap connections command:
plugs:
  config-gallery-dl:
    interface: personal-files
    read:
    - $HOME/.config/gallery-dl
    - $HOME/.gallery-dl.conf
  desktop: null
  dot-netrc:
    interface: personal-files
    read:
    - $HOME/.netrc
  etc-gallery-dl:
    interface: system-files
    read:
    - /etc/gallery-dl.conf
  home: null
  network: null
  network-bind: null
  removable-media: null
apps:
  youtube-dl:
    adapter: legacy
    command: youtube-dl
    environment:
      LANG: C.UTF-8
      LC_ALL: C.UTF-8
      LD_LIBRARY_PATH: $SNAP/usr/lib/x86_64-linux-gnu/pulseaudio
    plugs:
    - home
    - network
    - opengl
    - removable-media
$ snap connections youtube-dl
Interface Plug Slot Notes
home youtube-dl:home :home -
network youtube-dl:network :network -
opengl youtube-dl:opengl :opengl -
removable-media youtube-dl:removable-media - -
For the example above the removable-media interface is not connected, meaning that the snap application can’t access your external drives mounted under /mnt or /media. You may check out the entire list of supported security confinement interfaces (and their definition) at https://snapcraft.io/docs/supported-interfaces
For snaps you particularly do not trust you may specifically disallow their access to certain resources by using the snap disconnect _snap_name:_interface_name_ command. For example you may fully disallow the youtube-dl snap to access your files under the home directory by running snap disconnect youtube-dl:home in the terminal.
Note that not every interface declared by the snap is auto-connected (granted by default); for sensitive interface connections the publisher must be vetted by the store staff before they are made auto-connectable. Refer to Process for aliases, auto-connections and tracks for the actual process.
I do find that downloading a specified revision is not allowed though, meaning I can’t inspect what was actually in the snap in the past:
snap download twitterr --revision 20
Fetching snap "twitterr"
error: cannot download snap "twitterr": Access by specifying a revision is not allowed for this Snap.
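The connection check described in the posts above, written as an added shell example (not code from the thread or from snapd): it reads `snap connections` output and marks which connected plugs grant file access. The function names and the list of file-access interfaces are assumptions; the sample table is constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example: classify the rows of `snap connections <snap>` output.
# Reads the table on stdin; prints "interface<TAB>plug<TAB>state" lines.

# Assumption: interfaces treated as granting file access, taken from the
# plugs discussed in the thread.
FILE_INTERFACES="home removable-media personal-files system-files"

classify_connections() {
    awk -v sensitive="$FILE_INTERFACES" '
        BEGIN { n = split(sensitive, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        NR == 1 && $1 == "Interface" { next }   # skip the header row
        NF >= 3 {
            # A "-" in the Slot column means the plug is declared but not connected.
            state = ($3 == "-") ? "disconnected" : "connected"
            if (state == "connected" && ($1 in want)) state = "connected-file-access"
            printf "%s\t%s\t%s\n", $1, $2, state
        }'
}

# Constructed sample: the table quoted in the thread, not live output.
sample_connections() {
    cat <<'EOF'
Interface        Plug                        Slot      Notes
home             youtube-dl:home             :home     -
network          youtube-dl:network          :network  -
opengl           youtube-dl:opengl           :opengl   -
removable-media  youtube-dl:removable-media  -         -
EOF
}

# Plugs to consider for `snap disconnect <plug>` on a snap you do not trust.
file_access_plugs() {
    classify_connections | awk -F'\t' '$3 == "connected-file-access" { print $2 }'
}

# On a real system: snap connections youtube-dl | classify_connections
sample_connections | classify_connections
```
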
Wow, lots of very in depth replies thanks so much for taking the time! Really appreciate it. I’m not as technical a user of Ubuntu that I understood everything haha. But like from a security perspective what should I do? I realize I messed up by downloading an inactive weird app. I wasn’t paying attention to what I was doing sigh. You think I’m good having just removed the app via software centre user interface?
Like should I be worried about malware even after having removed the app?
I’d say that you should be quite safe as by default the snap can’t do many things other than stealing your regular documents (the home and the network interfaces allow them to do so, both are auto-connected due to common usage and lack of granular access technologies) and wasting your computational resources (like mining cryptocurrency).
They cannot:
- Steal your SSH/GnuPG private keys (~/.ssh/…, ~/.gnupg/…) (as the home interface doesn’t allow access to hidden files right under your home directory)
- Modify most of your application configs (~/.config/…) (not allowed by the home interface for the same reason)
- Access most of your application data (~/.local/…, ~/.app_id) (not allowed by the home interface for the same reason)
- Modify startup scripts (~/.bashrc, ~/.profile, …) to make them persistent after removal (not allowed by the home interface for the same reason)
I would suggest that you should only be concerned about your important, non-encrypted documents in your home directory (~/Documents, ~/Downloads) and take action when necessary (like revoking the keys/credentials).
I’m sorry I don’t quite understand. So even after having removed the app my personal documents could be at risk? Could you explain more what you mean by taking action when necessary?
I’m not a technical user, I just want to use FOSS and not windows or mac. But I’m not even close to a power user. I have used Xubuntu for years and just got this second hand thinkpad and got the store to put it with just Ubuntu MATE. Really love it. But like, if my documents are in jeopardy now because I installed and removed a snap, I’m thinking I’m gonna go to the store and get a reinstall of MATE. Cuz I don’t want my documents to be at risk. Wish I didn’t have to, but I’ll do what I have to do if it’s warranted.
I’ve been fine all these years with ubuntu, and now I decided to use snapstore and have potentially put my documents at risk. I know it’s my fault for not paying attention to what I was doing. But like, I dunno I felt safe on the store.
Well, if the malware is really executed they can really pack and upload your ~/Download and ~/Documents folders to the attacker’s server; consider the files leaked already if they are that important.
If you only installed it but did NOT launch it via the application launcher or terminal you should be safe.
Thanks a lot for the input Lin-Buo-Ren! I really appreciate it. I didn’t execute it. I installed it, searched for it in menu, couldn’t find it. Scrolled down to the reviews, saw the warnings “fake app” and “don’t download”. I then clicked remove app through the same software centre interface I installed it from. Now if I type snap list in the CL I don’t see twitterr listed.
In the software centre interface there wasn’t even a button to launch it as there usually is when installing apps there. Couldn’t launch it thankfully
Well, the same applies to any other third-party software sources like PPAs, and they have even more power to do malicious things than snaps (e.g. the Debian packages’ installation script is actually run as root and has unrestricted access to your system).
As the sandbox technology advances the exploits will be smaller due to more granular control of access (for example the new XDG desktop portals eliminate the requirement of opening up access to most of your personal files by only allowing access to the files the user specifies to the applications).
According to the metadata of the latest snap revision the snap doesn’t provide any entrypoints to launch it with, which is probably why you can’t find it anywhere.
That will be bad if my documents have been uploaded to an attacker’s server though…
I would like to ping the @store fellows to check whether the previous revisions of this snap are fine, also to evaluate whether to unlist/unpublish the snap due to the suspicious naming and lack of implementation.
Setting the topic to the #store category as it requires store staff’s attention.
If it was malicious wouldn’t they have wanted me to launch it? Strange they didn’t provide any entrypoints to launch.