Is flatpaking all apps sufficient to avoid the security concerns of X11?

Joined
Aug 21, 2023
Messages
33
Reaction score
8
Credits
296
Hey, so I use linux mint, I love the experience, however lately i have been reading and seeing how x11 allows a rouge app to log keystrokes, considering a few months ago I saw an app have malicious code inserted, I feel the need to make sure I am diligent in securing my system. Although I could switch to a distro supporting wayland, id rather see if theres other options because I really feel that Linux Mint is digital “home” and ive finally stopped distro hopping and found contentment and productivity in using it.

all that to say, does flakpak sandbox apps? and does that sandboxing prevent screen recording/keylogging of a rouge app? (i forget which one recently had a security issue, i think it was firefox, but i honestly cant remember.)

if flatpaking every app prevents them from being able to keylog or ect then id be much more at ease. i do everything on my linux device, christmas shopping, banking, ect.

Someday when wayland is natively supported by LM id switch to it, but please bear in mind, my laptop has a NVIDIA 3050 and Linux Mint cinnamon is the ONLY distro ive tried that “just works” LMDE doesn’t, I hate ubuntu with a passion so no, the mandatory fedora system update broke my system and refused to work, popos updated the nvidia drivers and broke every app on the system day one of using and refused every method of rollback. I do not have the patience or time to fiddle with Arch, and I dont like using rolling releases, and love stable releases. I have tried other distros, but linux mint was the only that has checked every box. if absolutely necessary I would be willing to someday try setting up a debian install from the ground up, but im happy using Linux Mint.
 


Flatpak does use a secure sandbox.


Having said that newer version of X11 typically don't have the keystroke hole, besides that most newer distro's are using wayland these days, which doesn't have that problem. Are there posts newer than 2019 about X11 keystroke logging?

Keep in mind you'll still have to login ( via X11 or wayland ) to get to your flatpak application.
 
Last edited:
Flatpak does use a secure sandbox.

https://linux.org/threads/appimage-vs-snap-vs-flatpak.50848/
Having said that newer version of X11 typically don't have the keystroke hole, besides that most newer distro's are using wayland these days, which doesn't have that problem. Are there posts newer than 2019 about X11 keystroke logging?

Keep in mind you'll still have to login ( via X11 or wayland ) to get to your flatpak application.
I think it's the combination of using Wayland and Flatpak that increases system security because from what I've read the way Wayland is setup it's sandboxing different functions as well.
 
Flatpak does use a secure sandbox.


Having said that newer version of X11 typically don't have the keystroke hole, besides that most newer distro's are using wayland these days, which doesn't have that problem. Are there posts newer than 2019 about X11 keystroke logging?

Keep in mind you'll still have to login ( via X11 or wayland ) to get to your flatpak application.
thanks for the info! the linked article
is useful.

If you have any links regarding the potential security risks of x11 and if its been updated, please do send them my way.
 
Last edited:
Agreed, again though: my question is if the substantial amount of security risk is removed if I consistently use flatpak- or if trying to get wayland to work on linux mint is necessary.
 


Top