I am not a member of the Anti-Snap crowd (although of course the server sources should be open source), but there is obviously a lot to improve. Flathub/Flatpak should also take note!

  • GravitySpoiled@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    10 months ago

    Real tldr: someone downloaded a fake app and was scamed and here are the author’s recommendations:

    • Mandate & verify that all published applications using financial and/or cryptocurrency branding are officially published directly by the upstream developers
    • Change the store so all initial Snapcraft store name registrations are gated behind human review
    • Gate the first month of a new snap uploads behind human review
    • Block all interface connection requests behind a human review, including automatically connected ones like network and home
    • Fully staff the team doing the above to respond to registration, interface connection and upload requests in a timely fashion
    • Send out a clean snap update (as we did in 2018) to all clients that have the scam snaps still installed
    • Publishers should have their ’newness’ on the platform highlighted with a ‘New Publisher’ badge
    • Snaps that are less than $M (2?) months old should have a ‘New Application’ badge
    • Snaps that have fewer than $N (50?) installs should not appear in search results
    • The store should make prominent notes to users that newly published snaps and snaps from new publishers should be viewed with extreme caution
    • Provide better education to users on the risks of installing finance and cryptocurrency software from the Snap store
    • Review and update all wording in graphical and web software store-fronts to ensure users aren’t given a false impression that malware is ‘safe’

    Me: What are your recommendations, dear lemmy users? I bet you can come up with much better recommendations