Launch potentially dangerous application in a vm: is anything to borrow from QubesOS, Whonix, etc?

To launch a potentially dangerous app in a VM is quite a natural choice imho. Security-focused OSes like Tails usually hide all information about the physical network too, and use Tor.

Since snaps require no dependencies, it may be easier to launch them in a foreign (VM) environment. I can imagine a button “Launch in a VM” for a snap in Ubuntu Software. How reasonable is that?

snap packages already run in a confined dedicated environment (locked in on top of the core or core18 snaps).

the majority of security features around this design lives directly in the linux kernel (seccomp, namespaces, apparmor, cgroups).

access to devices, the network or any other system resources is handled via interfaces that you can fully control via the snap connect/disconnect commands

if you would run the same environment inside a VM it would mean you fire up a second kernel (that you will need to maintain), inherit all potential security issues the used VM implementation brings along (hopping over shared memory boundaries where you shouldn't be able to etc) and you use additional system resources (memory/cpu) to keep the VM running underneath your app.

while it is surely a reasonable approach for systems that do not use a similar concept to snap confinement to secure their applications, over having no security system at all when running the app outside of a VM, i personally think using a VM in the snap case simply adds unnecessary attack vectors (due to running on top of two OSes, additional kernel, potential VM bugs) and wastes resources that executing snaps normally with similar (if not better) security OOTB does not lavish.
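
The interface control mentioned in the reply above can be audited before an untrusted snap is run. The following is an added example, not part of either post: it reads `snap connections` output and prints a `snap disconnect` command for each connected plug on a reviewer-chosen list. The snap name `example-app`, the `SENSITIVE` list, the function names and the sample table are constructed assumptions.

```shell
#!/bin/sh
# Interfaces this reviewer wants disconnected by default.
# (Assumption: the list is a local policy choice, not something snapd defines.)
SENSITIVE="home network removable-media camera"

# Reads `snap connections <snap>` output on stdin and prints one
# `snap disconnect <snap>:<plug>` command per sensitive plug that is
# currently connected (Slot column is not "-").
suggest_disconnects() {
    awk -v list="$SENSITIVE" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) s[a[i]] = 1 }
        NR == 1 { next }    # skip the column header
        $3 != "-" && ($1 in s) { print "snap disconnect " $2 }
    '
}

# Constructed sample in the column layout of `snap connections`
# (Interface, Plug, Slot, Notes) for a hypothetical snap "example-app".
sample_connections() {
cat <<'EOF'
Interface        Plug                         Slot      Notes
camera           example-app:camera           -         -
home             example-app:home             :home     -
network          example-app:network          :network  -
opengl           example-app:opengl           :opengl   -
removable-media  example-app:removable-media  -         -
EOF
}

# On a real system: snap connections example-app | suggest_disconnects
sample_connections | suggest_disconnects
```

The function only prints the commands, so they can be reviewed before being run with the privileges `snap disconnect` requires.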