There’s unfortunately been a few instances in the past few months of people abusing the Snap Store to publish cryptocurrency snaps that steal your private keys and by extension money. I.E:
Followed by more recently:
One of the goals of snaps is to sandbox applications. The requirements for classic confinement and auto-connections exist to prevent abuse; but these technical measures cannot prevent against a user willingly giving up their crypto private keys in the context of a Crypto-wallet.
I’m sure that I don’t need to provide much in the way of my opinion given the thread title; I thought I’d try raise some discussion in the community about the specific class of Crypto-wallet snaps, and whether people feel similar to myself, in that they should not be permitted unless verified to be published by an upstream source that is itself trustworthy.
Enforcing this would be difficult, as it’s difficult to profile an application in an automated manner into a distinct class (I.E, automation will struggle to distinguish an Office Suite from a Crypto-Wallet). Leaving a few options
- All snap name registration should be moderated to help identify and prohibit Cryto-wallet abuse.
- All snaps should be denied public listings unless granted permission, leaving them stuck to either private or unlisted
- Nothing should happen directly, but Cryptowallets that are not verified should be forced into private listing upon identification on a case-by-case basis and forced to private listing until reviewed.
These scale down from drastic measures to less drastic, although of course, then scale down from most effective to least effective.
I would personally at a minimum say we should be aiming to verify security critical apps as trustworthy, which Crypto-wallets by definition always are.
Facilitating this kind of abuse casts a blight on the Snap Store itself and by proxy the trustworthyness of the community. Everybody in the community who has contributed positively to build trust and engagement didn’t want to do so to benefit financial crime; but it’s reality that we must confront the situation as is rather than the ideal world we wish we were in.
To bring up a classic comic: https://xkcd.com/1200
If we cannot properly enforce this class of app to be safe via technical measures, I believe it stands to be enforced by policy measures.
In summary, I’m not outright against Crypto-wallets in their entireity. However I do believe that allowing this class of application on the store without verification goes contrary to one of our main goals of making snaps, and as such something needs to change before these events continue to happen.