Policy - Restricting sensitive snap categories to trusted publishers

policy
1

Restricting sensitive snap categories to trusted publishers

Policy overview

To strengthen the existing snap content review processes, all new snaps, revisions of existing snaps, and all updates to snap details will undergo review before becoming publicly accessible. This policy is the next step in our continued journey to enhance the Snap Store experience.

Additionally, publishing any new snap revisions or updates to snap details for any kind of sensitive software, such as financial/banking software, will require a Verified Publisher or a Star Developer status from the publisher. We will look to extend the list of criteria for requiring such statuses in the future. These measures supplement the current review processes that snaps go through before being published.

Instructions for publishers

Snaps published in the Finance category, or that perform a sensitive function (e.g. accessing governmental services, dealing with medical records, etc.), are subject to this policy.

Once you upload a revision of your snap or update snap details, there are two possible outcomes:

  1. If no violations of the policy are identified in the new revision you have uploaded, it will be approved and released to the target channel as usual, if requested. Likewise, if no such content is found in an update to snap details, the update will be applied.
  2. If content violating the policy is identified in the revision or snap details, the revision will not pass the review and the publisher will be notified. If the violating content is believed to be of malicious intent, additional actions may be taken - this can include being banned from snapcraft.io. If you would like to appeal this and the content of the snap is not malicious, please email us at security@snapcraft.io explaining why the update should be applied.

Exceptions

There are a small number of exceptions to this policy:

  • Customers using their own Dedicated Snap Store are responsible for the content in their store. This private store is for customer use only, so snaps developed internally by the corresponding customer are trusted.
  • Snaps published by Verified Publishers or Star Developers will not undergo the snap revision review step. These publishers have already undergone individual review by the Snap Store team to determine that they are genuine companies, institutions or community contributors that work closely with us.

This policy is part of our ongoing commitment to maintaining a trusted Snap Store ecosystem. If you see a snap that looks suspicious or harmful, please use the “Report this snap” link in the Details section of the snap listing page and our team will investigate.

For additional information and updates, visit the Snapcraft forum or contact us.

3 Likes