Suspicious "Twitterr" snap requires attention (was: Are there risks associated with installing random snaps?)

I’m sorry I don’t quite understand. So even after having removed the app my personal documents could be at risk? Could you explain more what you mean by taking action when necessary?

I’m not a technical user, I just want to use FOSS and not Windows or Mac. But I’m not even close to a power user. I have used Xubuntu for years and just got this second hand ThinkPad and got the store to put it with just Ubuntu MATE. Really love it. But like, if my documents are in jeopardy now because I installed and removed a snap, I’m thinking I’m gonna go to the store and get a reinstall of MATE. Cuz I don’t want my documents to be at risk. Wish I didn’t have to, but I’ll do what I have to do if it’s warranted.

I’ve been fine all these years with ubuntu, and now I decided to use snapstore and have potentially put my documents at risk. I know it’s my fault for not paying attention to what I was doing. But like, I dunno I felt safe on the store.

Well if the malware is really executed they can really pack and upload your ~/Download and ~/Documents folders to the attacker’s server; consider the files leaked already if they are that important.

If you only installed it but did NOT launch it via the application launcher or terminal you should be safe.

Thanks a lot for the input Lin-Buo-Ren! I really appreciate it :slight_smile: I didn’t execute it. I installed it, searched for it in the menu, couldn’t find it. Scrolled down to the reviews, saw the warnings “fake app” and “don’t download”. I then clicked remove app through the same software centre interface I installed it from. Now if I type snap list in the CL I don’t see twitterr listed.

1 Like

In the software centre interface there wasn’t even a button to launch it as there usually is when installing apps there. Couldn’t launch it, thankfully.

Well the same applies to any other third-party software sources like PPAs, and they have even more power to do malicious things than snaps (e.g. the Debian packages’ installation script is actually run as root and has unrestricted access to your system).

As the sandbox technology advances the exploits will be smaller due to more granular control of access (for example the new XDG desktop portals eliminate the requirement of opening up access to most of your personal files by only allowing applications access to the files the user specifies).

According to the metadata of the latest snap revision the snap doesn’t provide any entrypoints to launch it with, which is probably why you can’t find it anywhere :wink: .

That will be bad if my documents have been uploaded to an attacker’s server though…

I would like to ping the @store fellows to check whether the previous revisions of this snap are fine, also to evaluate whether to unlist/unpublish the snap due to the suspicious naming and lack of implementation.

Setting the topic to the #store category as it requires store staff’s attention.

1 Like

If it was malicious wouldn’t they have wanted me to launch it? Strange they didn’t provide any entrypoints to launch.

And can I assume the ability to remove the app, which I apparently had through software centre interface, was legit?

As far as I can tell the recipe looks like it’s copied from a tutorial, maybe it’s just a novice packager testing out an empty snap and published it with suspicious metadata.

Not sure though, we should wait for the store staff to verify all the snap revisions the publisher published before jumping to conclusions.

It is legit as it communicates to the same snapd daemon via its backend. You may also remove the snap by running the snap remove _snap_id_ command in a terminal.

So in this case I would run snap remove _snap_id_twitterr ? But I don’t see it listed amongst my snaps when I run snap list so I guess I’ve got rid of it. I just hope installing it didn’t compromise my documents, that would really suck.

snap remove twitterr to be accurate :wink:


Some additional details according to the snap publisher’s info (may be fake):

According to the assumed project’s issue tracker, the publisher had attempted to publish the application via snaps but did not succeed: I can’t find and can’t run twitterr · Issue #1 · KorbsStudio/Twitterr

I’ve pinged the seemed-to-be publisher on Twitter to see whether they can do something about it.

Thanks a lot for the time you’ve put towards helping out with this. It’ll be nice for the sake of all the users of snapstore to know what’s the deal with the app. You’ve been super helpful Lin-Buo-Ren!

The name is so similar and the profile photo led me to not even look at the info or reviews. I stupidly just hit install, didn’t even realize the letters. Oh well. But it’ll be nice to know if any of us who have downloaded the app need be worried or not.

1 Like

I’m fairly certain that the Snap is not malicious, though I can’t verify 100% because I can’t check previous versions as @Lin-Buo-Ren mentioned. I think on balance that you’re most likely safe and have not had anything compromised.

3 Likes

I’ve downloaded every revision of the twitterr snap, and there’s nothing other than a snap.yaml, manifest.yaml and snapcraft.yaml in them. It’s inert, likely an unfinished project, with an incorrect or incomplete packaging configuration. Nothing to see here.

5 Likes
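A way to repeat the check described in the post above (only snap.yaml, manifest.yaml and snapcraft.yaml present, no entrypoints), as an added example that is not part of the thread or the store team's tooling. The function name `audit_snap_dir` and the sample trees are constructed for illustration; the audit also flags scripts under `meta/hooks/`, which snapd can run at install or configure time without the app ever being launched.

```shell
#!/bin/sh
# Added example: audit an unpacked snap for anything snapd could execute.
# To get a real tree (needs network and squashfs-tools):
#   snap download <name> && unsquashfs -d unpacked <name>_<rev>.snap

audit_snap_dir() {   # prints findings; returns 0 if inert, 1 if not, 2 on error
    dir=$1; findings=0; yaml="$dir/meta/snap.yaml"
    [ -f "$yaml" ] || { echo "no meta/snap.yaml in $dir"; return 2; }
    # Top-level apps:/hooks: keys declare what snapd is allowed to run.
    for key in apps hooks; do
        if grep -Eq "^$key:" "$yaml"; then
            echo "FINDING: snap.yaml declares '$key'"; findings=$((findings + 1))
        fi
    done
    # Scripts in meta/hooks/ (install, configure, ...) run without any launch.
    for hook in "$dir"/meta/hooks/*; do
        [ -f "$hook" ] || continue
        echo "FINDING: hook ${hook#"$dir"/}"; findings=$((findings + 1))
    done
    # Anything beyond the packaging metadata deserves a closer look.
    extra=$(cd "$dir" && find . -type f ! -path ./meta/snap.yaml \
        ! -path ./snap/manifest.yaml ! -path ./snap/snapcraft.yaml \
        ! -path './meta/hooks/*' | sort)
    if [ -n "$extra" ]; then
        echo "FINDING: files beyond packaging metadata:"; echo "$extra"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] || return 1
    echo "inert: packaging metadata only"
}

# Constructed sample trees (not the real twitterr snap contents).
make_samples() {
    root=$(mktemp -d)
    mkdir -p "$root/inert/meta" "$root/inert/snap"
    printf 'name: example-inert\nversion: "0.1"\nsummary: test\n' \
        > "$root/inert/meta/snap.yaml"
    : > "$root/inert/snap/manifest.yaml"; : > "$root/inert/snap/snapcraft.yaml"
    mkdir -p "$root/active/meta/hooks" "$root/active/bin"
    printf 'name: example-active\napps:\n  example:\n    command: bin/run\n' \
        > "$root/active/meta/snap.yaml"
    printf '#!/bin/sh\n' > "$root/active/meta/hooks/install"
    printf '#!/bin/sh\n' > "$root/active/bin/run"
    echo "$root"
}

samples=$(make_samples)
audit_snap_dir "$samples/inert"
audit_snap_dir "$samples/active" || echo "exit status $?: not inert"
```
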

Thank you very much for looking at every revision! I really appreciate it! It’s nice to know there is nothing to worry about!

1 Like