Prompting Client is the latest security effort for snap software, and acts as a companion to the new desktop Security Center app.
As you may have read in my article last week, Prompting Client is a security buffer — think doorman — that guards your home folder. Whenever a snap app wants to access non-hidden files within, Prompting Client intervenes to ask you to approve.
I’d been tracking this tool’s development for a while but there wasn’t really a lot of explanation or rationale behind it on the project’s GitHub, and some of the links in commits and issues filed by Canonical engineers were protected.
Today, Canonical has revealed more details about this (presently experimental) security feature.
When a snap app tries to access something outside of its sandbox, a dialog (built using Flutter, Ubuntu’s default app toolkit) appears to ‘prompt’ you into reviewing and authorising the permissions it seeks.
The permission prompt has two modes:
- Simple prompt screen (default)
- Advanced options (for fine-grained control)
Canonical describes the new interstitial permission requests as being a “critical tool for privacy and security conscious users to control, manage and understand the behaviour of applications running on their machines”.
You can see these “nag” screens in action in the following GIF, where trying to save an image from the browser to a Home folder directory triggers 2 permission prompts: one to give Firefox read (and write) access to my Home folder, the next to give write access for the file I want to save:
Snaps already use cross-distro/format XDG Desktop Portals to control permissions, but Canonical’s home-grown prompting effort “distinguishes itself […] by enabling fine-grained access control over unmodified binaries without requiring changes to the application code.”
How? By using Ubuntu’s (now very) stringent AppArmor security mechanism. This is what allows it to force all snap apps to adhere to the controls and permissions given by the user, which is a good thing.
In effect, prompting gives Ubuntu users yet another layer of control over snap app permissions, the folders and file paths they can access, and for how long.
For instance, you can give permissions one-time, restrict access to specific folders or file types, and set permission to read only – depending on your needs.
Further improvements, including broadening the scope of prompts to cover more than home folder access, are planned for future Ubuntu releases.
Prompting will not be enabled in Ubuntu 24.10 by default, but it will be available as an experimental, opt-in feature, accessed by a toggle in the new desktop Security Center app — which is being ‘seeded’ in Ubuntu 24.10 (i.e., preinstalled).
Updates to the AppArmor and snapd packages are set to roll out to Ubuntu 24.10 daily build users in the coming days (ahead of next week’s beta release) to plumb in the code required to support prompting functionality.
