Ubuntu has quietly overhauled its app permission prompts for Snap packages, bringing a level of granularity and user control that was previously missing. This update, detailed by Canonical engineer Oliver Calder, transforms how users interact with system and hardware access requests. Instead of granting blanket permissions at installation, you now get runtime prompts that ask for access only when needed—similar to what you'd experience on a smartphone. Here are seven crucial improvements that make this feature a game-changer for desktop security and usability.
In this article:
- 1. Runtime Permission Requests
- 2. Mobile-Like Experience on Desktop
- 3. Granular Control Options
- 4. User Empowerment Philosophy
- 5. Snaps Security Overhaul
- 6. Transparent System Access
- 7. Easy Deny and Allow Mechanisms
1. Runtime Permission Requests
The most significant shift is that snap applications now ask for permissions at the moment they need them, rather than during installation. This runtime model means you'll see a prompt only when a Snap actually attempts to access your camera, microphone, or files. For instance, if you open a photo editor and it tries to reach your webcam for a filter, a modal appears asking if you want to allow that action. This on-demand approach eliminates unnecessary permissions granted upfront, reducing security risks and giving you more context for each decision.
2. Mobile-Like Experience on Desktop
Canonical has borrowed heavily from mobile operating systems like Android and iOS. The new prompts display a clear modal dialog asking whether you want to allow a specific app to use a resource, such as “Allow Acme App to access the camera?” Options include “Deny” and “Allow only while using the app.” This familiar interface makes it easier for users accustomed to smartphones to understand and control desktop permissions. It bridges the gap between mobile and desktop security models, offering a consistent and intuitive user experience.
3. Granular Control Options
Beyond simple allow/deny, Ubuntu now offers more nuanced choices. You can grant temporary access that expires when the app closes, or give permanent permission for a specific resource. This granularity is essential for power users who want to fine-tune their privacy settings. For example, you might allow a messaging app to use the microphone only while in a call, but deny camera access entirely. Such flexibility ensures you're not forced into all-or-nothing decisions, enhancing both security and convenience.
4. User Empowerment Philosophy
According to Oliver Calder, the core goal of these improvements is to “empower users.” By putting permission decisions in the user's hands at runtime, Ubuntu shifts control away from developers and package maintainers. Previously, Snap permissions were often bundled automatically, leaving users with little say. Now, each prompt is an informed choice, backed by clear context about why the app needs access. This philosophy aligns with modern privacy expectations, where users demand transparency and agency over their data and hardware.
5. Snaps Security Overhaul
This update is part of a broader security enhancement for the Snap ecosystem. Snaps are already confined using AppArmor and other Linux security modules, but permission prompts add an extra layer of defense. By requiring explicit user consent for sensitive operations, even if a malicious Snap manages to bypass confinement, it still cannot access resources without a prompt. This defense-in-depth approach strengthens Ubuntu's overall security posture, making Snaps a safer choice for installing third-party applications.
6. Transparent System Access
One often overlooked improvement is the increased transparency. After granting a permission, you can easily review which apps have access to which resources. Ubuntu provides a dedicated settings panel where you can see all snap permissions granted or denied. This visibility allows you to revoke access at any time, giving you continuous control. No longer do you have to wonder whether an app is using your webcam in the background—the prompt and settings audit make everything clear.
7. Easy Deny and Allow Mechanisms
Finally, the prompts are designed for quick decisions with minimal disruption. The modal appears as a small overlay, not a full-screen alert, so it doesn't interrupt your workflow. You can click “Deny” and the app will continue without that feature, or “Allow” with a single click. There's also a “Remember my choice” checkbox for frequent permissions. This streamlined interaction ensures that security doesn't come at the cost of usability—making it likely that more users will actually engage with the prompts rather than blindly clicking “Allow.”
Conclusion
Ubuntu's revamped permission prompting for Snaps represents a major leap forward in desktop security and user experience. By adopting runtime requests, granular controls, and mobile-style interfaces, Canonical has made it easier than ever to protect your privacy without sacrificing convenience. Whether you're a long-time Ubuntu user or new to Linux, these seven enhancements give you the tools to manage app access intelligently. As the Snap ecosystem continues to grow, this feature will be essential for maintaining a safe and trustworthy computing environment.