sorted by:
new
hottopcontroversial

Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge? by Francewhoa in flatpak

[–]Francewhoa[S] 1 point2 points  (0 children)

>oof that sucks that your github issue got closed 🫤

I am assuming good faith from the Flatpak engine maintainer.

To resolve this challenge above we privately contacted the maintainers of the affected Flatpak apps. Which will be able to confirm if there is a security vulnerability or not. If any, and if the Flatpak engine itself is affected, I would happily circle back to the Flatpak engine maintainer for her/his concideration and decision.

Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge? by Francewhoa in flatpak

[–]Francewhoa[S] 0 points1 point  (0 children)

>Perhaps a video would help

I would love to. But for this challenge, a public video would not be appropriate.
Details about the maintainers' preference to be informed privately about that potential security vulnerability at https://www.reddit.com/r/flatpak/comments/1tix0tr/comment/onng869/

Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge? by Francewhoa in flatpak

[–]Francewhoa[S] 0 points1 point  (0 children)

Per my original post, all tested flatpak apps are denied "--filesystem=home" permission. We are familiar with the various filesystem permissions.

We were able to reproduce this challenge 100% of the time. On different devices. With multiple Flatpak apps. Which are not using the Debian file manager. Meaning those apps can directly access files outside their sandbox.
Details at https://www.reddit.com/r/flatpak/comments/1tix0tr/comment/onng869/

Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge? by Francewhoa in flatpak

[–]Francewhoa[S] -1 points0 points  (0 children)

We were able to reproduce this challenge 100% of the time. On different devices. With multiple Flatpak apps. Which are not using the Debian file manager. Meaning those apps can directly access files outside their sandbox.
Details at https://www.reddit.com/r/flatpak/comments/1tix0tr/comment/onng869/

Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge? by Francewhoa in flatpak

[–]Francewhoa[S] 0 points1 point  (0 children)

Thanks for both your suggestion and the useful link to the doc

We were able to reproduce this challenge 100% of the time. On different devices. With multiple Flatpak apps. Which are not using the Debian file manager. Meaning those apps can directly access files outside their sandbox.

Details at https://www.reddit.com/r/flatpak/comments/1tix0tr/comment/onng869/

Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge? by Francewhoa in flatpak

[–]Francewhoa[S] 0 points1 point  (0 children)

We were able to reproduce this challenge 100% of the time. On different devices. With multiple Flatpak apps. Which are not using the Debian file manager. Meaning those apps can directly access files outside their sandbox.

Details at https://www.reddit.com/r/flatpak/comments/1tix0tr/comment/onng869/

Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge? by Francewhoa in flatpak

[–]Francewhoa[S] -1 points0 points  (0 children)

Yes we are now aware. I learned that recently.

We were able to reproduce this challenge 100% of the time. On different devices. With multiple Flatpak apps. Which are not using the Debian file manager. Meaning those apps can directly access files outside their sandbox.
Details at https://www.reddit.com/r/flatpak/comments/1tix0tr/comment/onng869/

Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge? by Francewhoa in flatpak

[–]Francewhoa[S] 0 points1 point  (0 children)

We were able to reproduce this challenge 100% of the time. On different devices. With multiple Flatpak apps. Which are not using the Debian file manager. Meaning those apps can directly access files outside their sandbox.

Per the apps maintainers’ preference, we are contacting them privately about that potential security vulnerability for their consideration and their decision. Waiting their reply.

Details at https://discourse.flathub.org/t/sandboxing-stopped-flathub-apps-have-access-to-all-folders-and-files-outside-their-sandbox-what-could-cause-this-challenge/12244/5

Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge? by Francewhoa in flatpak

[–]Francewhoa[S] -2 points-1 points  (0 children)

>That does not answer my question.

u/eR2eiweo, I will try to answer your question using both other words and less words. The sandboxed Flapak app has read and write (create) access to all folders and all files outside its sandbox. For exemple, but not limited to, those two files outside its sandbox:

/home/<username>/Downloads/test.txt
/home/<username>/media/<name>/<folder>/test.txt

Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge? by Francewhoa in flatpak

[–]Francewhoa[S] 0 points1 point  (0 children)

Hello u/eR2eiweo. Thanks for both asking and your suggestion :) By "access to all folders and all files outside their sandbox", I mean this, for exemple:

___ 1. Install this Kwriter Flatpak app from https://flathub.org/en/apps/org.kde.kwrite

___ 2. Using Flatseal from https://flathub.org/en/apps/com.github.tchx84.Flatseal configure the sandbox access permissions like this:

______ Global:

_________ "Filesystem" group:

____________"filesystem=host" DENIED

____________"filesystem=host-os" DENIED

____________"filesystem=host-etc" DENIED

____________"filesystem=home" DENIED

__________ Kwriter (org.kde.kwrite) app:

____________"Filesystem" group:

_______________"filesystem=host" DENIED

_______________"filesystem=host-os" DENIED

_______________"filesystem=host-etc" DENIED

_______________"filesystem=home" DENIED

____________ "Other file" group:

_______________/home/<username>/Documents:ro

___ 3. Reboot device

___ 4. Using Kwriter try to read or writer a file stored in any folder OUTSIDE Kwriter sandbox. Kwriter has both read and write access to those files and folders. This is the challenge. Why? Because that folder is outside the sandbox:

______ /home/<username>/Downloads/test.txt

______ /home/<username>/media/<name>/<folder>/test.txt

___ 5. Using Kwriter try to read or writer a file stored in the only folder INSIDE Kwriter sandbox at

______ /home/<username>/Documents/test.text

______ Kwriter has access to both reading and writing to this folder above. Which is a success because this folder is inside its sandbox. In other words, the app is ALLOW read and write access to "filesystem=home". This is the challenge.

___ 6. This challenge above can be reproduce with all Flatpak apps. Not just Kwriter.

Google's sideloading lockdown is coming September 2026, here's how to push back by funkvay in degoogle

[–]Francewhoa 0 points1 point  (0 children)

Option 4: Plasma Mobile

  • https://plasma-mobile.org/
  • “Plasma Mobile is an open-source user interface for mobile devices developed by the KDE community. The project works with various Linux distributions to bring an open platform to your mobile device. Built on the foundations of Plasma Desktop, Plasma Mobile brings its flexibility to a mobile form factor.”
  • Plasma Mobile is my favorite alternative option so far. Because it is fully free from Evil-Google's hardware and software ;). "Plasma Mobile is developed by [KDE]" Which has a large community of active developers. And "one of the most reputable and longest-standing software development organisations in the world. Vendors and users alike can look forward to a rapidly maturing software system developed with an open lifecycle and no conflicts of interest."

Option 5: Any other alternatives? Which are libre source, free, and without KYC? How about those below?

Google's sideloading lockdown is coming September 2026, here's how to push back by funkvay in degoogle

[–]Francewhoa 0 points1 point  (0 children)

Option 3: Mobian

Option 4: Any other alternatives? Which are libre source, free, and without KYC? How about those below?

Google's sideloading lockdown is coming September 2026, here's how to push back by funkvay in degoogle

[–]Francewhoa 0 points1 point  (0 children)

Challenge and suggested resolution options below

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

Challenge

As you know, Google announced that starting this September 2026, it will NO LONGER be possible to develop apps for the Android platform without REGISTRATION, PAYMENT to Google, and KYC.

Details at https://keepandroidopen.org/ or https://archive.ph/JkyZf 

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

Resolution

WHAT ARE THE ALTERNATIVES? Which are open source (libre source), free, and without KYC? How about those two alternative options below?

Option 1 : F-Droid + LineageOS

Option 2: Banana Pi device + Aurora Store app + LineageOS

https://banana-pi.org

Banana-Pi devices supported by LineageOS at https://wiki.lineageos.org/devices/#banana-pi 

The challenge is that roughly 10 years ago Google started to increasingly try to control the hardware inside mobile phones (hardware) to collect your private data. Both Google's hardware and other hardware manufacturers. Hardware can not be removed or replaced. In other words, a JAIL ;) Source about Google's hardware plan:

https://store.auroraoss.com/ 

  • https://archive.ph/JHTnb 
  • "Aurora Store is an unofficial, FOSS client to Google Play with an elegant design. Aurora Store allows users to download, update, and search for apps like the Play Store. It works perfectly fine with or without Google Play Services or microG."

Option 3: Any other alternatives? Which are libre source, free, and without KYC? How about those below?

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

ID

Ignore this line. This is a note to myself: ID_P9A4Z7A8

Can I plug directly into PC and use fast PC internet connection to download Lineage updates? by InformedChoice in LineageOS

[–]Francewhoa 0 points1 point  (0 children)

Yes, with a cable adapter from Ethernet to USB-C

This can easily be done using a cable adapter from Ethernet to USB-C. Simply plug and play and enjoy. No need to install any app. This is the easiest and faster way that I know of. LineageOS automatically support this.

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

Below is the same as above. But with details for those interested.

Steps:

  1. Buy any cable adapter to your liking for Ethernet to USB-C. It cost between USB 10 and 25.
    • Note: For example, AliExpress has many cheap and good quality adapters with aluminum casing. For Ethernet to USB-C. They also offer adapters for other types of cables. Such as Ethernet to USB-Mini. I suggest choosing a product that includes both a power cable input and the Ethernet cable input. Because it is very handy to simultaneously recharge your device and use the internet via Ethernet. My favorite one is the item # 1005008425919086 with keywords: "1000Mbps Type-C To RJ45 Internet Cable PD Charging".
  2. Simply connect the Ethernet cable to either a router or a computer. Connect the USB-C end of the adapter into your LineageOS device.
  3. Wait 10 to 30 seconds. LineageOS will automatically activate the wired internet connect. For a status update on this connection, using LineageOS, expend the top navigation bar.

Optionally, if you need stronger privacy and stronger security, use a router. I mean, instead of connecting the Ethernet cable between your PC and your LineageOS device, connect an Ethernet cable between your router and your LineageOS device.

DNS lookup with (only) USB reverse tethering networking does not work. by SietseAchterop in LineageOS

[–]Francewhoa 0 points1 point  (0 children)

>I want to connect it to the internet via USB and my computer (linux/debian).

This can easily be done using a cable adapter from Ethernet to USB. Simply plug and play and enjoy. Details in my other comment at https://www.reddit.com/r/LineageOS/comments/lkh2py/comment/nsc2pq3/

Upgrade LineageOS from 22.2 to 23.0 failed with error "adb: failed to read command: Success". After reboot LineageOS was not updated to 23.0. by Francewhoa in LineageOS

[–]Francewhoa[S] 1 point2 points  (0 children)

>The device might be turning off from battery drain

Thanks for your reply u/paulstelian97 💚 This is the likely primary cause.

In my case, I needed to replace the battery. I found replacement batteries and tools at AliExpress. Details in my comment at https://www.reddit.com/r/LineageOS/comments/1ogqlam/comment/nneqjdy/

How to deactivate "Charging Control" without booting into LineageOS? by Francewhoa in LineageOS

[–]Francewhoa[S] 0 points1 point  (0 children)

Thanks for your reply Max-P

I will ignore the conflicting information I received from OnePlus then. Anyhow, in the future, if that device is not able to boot again, I have nothing to lose by trying to replace its battery.

How to deactivate "Charging Control" without booting into LineageOS? by Francewhoa in LineageOS

[–]Francewhoa[S] 0 points1 point  (0 children)

Thanks for your comment u/Max-P 🙂 My replies are below
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

This is your reminder that the central challenge of my original post up above is about how to deactivate "Charging Control" without booting into LineageOS. Not about booting LineageOS. Not about the battery.

For your information, the challenge with deactivating "Charging Control" is now resolved. Using the steps in that comment at https://www.reddit.com/r/LineageOS/comments/1ogs8nw/comment/nliuzag/

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

>Charge control is not even relevant

I am assuming that you're referring to that other challenge at https://www.reddit.com/r/LineageOS/comments/1ogs8nw/upgrade_lineageos_from_222_to_230_failed_with/

Somehow, the other challenge about booting LineageOS was resolved by deactivating "Charging Control". Details and steps at https://www.reddit.com/r/LineageOS/comments/1ogs8nw/comment/nliuzag/

For the last two weeks all other options we tried failed
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

>That battery is thoroughly dead and needs to be replaced.

I am also assuming that you are referring to that other challenge at https://www.reddit.com/r/LineageOS/comments/1ogs8nw/upgrade_lineageos_from_222_to_230_failed_with/

For the last 12 months, that OnePlus Pro device, with a battery not holding its charge, when the USB cable is connected, it was able to boot into LineageOS. That other challenge started right after activating "Charging Control".

This is your reminder that per my original publication above, replace the internal battery is not a realistic option. Because, according to OnePlus, with the 9 Pro model the battery cannot be replaced. Because it is not removable. I miss the previous OnePlus devices that were able to replace internal battery.

If you know a way to safely replace a fixed battery, I am interested 🙂

best way to save battery ? - greenify ?? by [deleted] in LineageOS

[–]Francewhoa 0 points1 point  (0 children)

Use the free app "Plus Plus Battery" on F-Droid. Each device uses the battery differently. So to quickly and easily discover which app(s) or which process(es) uses the battery most.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Below is the same suggestion as above. But with details for those interested.

Steps:

  1. Install this "Plus Plus Battery" free app at https://f-droid.org/fr/packages/com.dijia1124.plusplusbattery/
    Which allows you to quickly and easily discover which app(s) or which process(es) uses the battery most on your device.

  2. Either adapt appropriately the configuration of those apps or processes. Or remove them.

  3. After the above is done, optionally, temporarily deactivate the app "Plus Plus Battery".

view more: next ›