Manual review of all new snap name registrations

Over the recent weeks, the Snap Store has been under attack by various publishers attempting to upload malicious crypto-wallet applications. The Store team and other engineering teams within Canonical have been continuously monitoring new snaps that are being registered, to detect potentially malicious actors.

To mitigate the risks, we have decided to change the snap name registration flow. As a result, when you register a new snap name, you will experience a different workflow, where manual review is required.

  1. To register a new snap name, you need to go to https://dashboard.snapcraft.io/register-snap/

  1. You will be prompted to enter the name and a comment about the purpose or nature of the snap.

  1. Once you enter all the relevant information, your snap name will be submitted for review.

  1. Our engineering teams will review the information provided and make a decision on whether there is anything in it that looks suspicious. They may reach out to the publisher asking for more information.

  2. If the name request passes checks, the name will be granted for the Snap Store. If the snap the name request is for is suspected as being malicious, or is crypto-wallet-related, the name request will be rejected. In both cases, you will receive a notification.

Next week, we will be publishing a policy regarding crypto-wallet and other sensitive snaps. This will include the guidelines for how to publish such a snap. These changes are evolving over time. We do not expect this to be a long-term solution and will post in the forums as new updates are made.

If you are registering a snap using the CLI, you will see the following:

Our engineering teams plan to respond to every request within 2 working days. If you need a snap to be uploaded faster, have any questions or concerns, or wish to appeal the decision, please reach out to us in the forum.

15 Likes