Flatpak Folder Permissions

[S7venLights]

By default the deezer flatpak has access to the pictures, download and music folder. I removed these permissions using Flatseal before first launching the app and it works just fine without these permissions.

Any insight as to why these permissions are given by default? It is a privacy concern and doesn't seem necessary.

On that point, is 'inter process communication' permission necessary?

[S7venLights]

I saw that deezer now lets you upload your own mp3s, I assume that's why.

Wish there was a way for flatpak to only grant the permission when it's requested. Please still answer about "Inter process communication"

[aunetx]

Hello! That's right, pictures is for letting the user choose its profile picture, and downloads/music folder to upload MP3 (as explained briefly in https://github.com/aunetx/deezer-linux/blob/master/dev.aunetx.deezer.yml).

I could remove these by default, as it only concerns a small part of the users but I think it's more convenient and easy for users not to have to fiddle with flatpak permissions all the time. If flatpak allowed to request for permission instead of granting it by default, I would of course use it.

However, the IPC permission really is necessary for the app to work under X11 (see https://docs.flatpak.org/en/latest/sandbox-permissions.html). For users under wayland it is indeed unnecessary, but same thing as before... I can't expect the user to enable it by himself :/

Thanks for your consideration :)

[S7venLights]

Thanks, enjoying my sandboxed deezer (ツ) all the best

[S7venLights]

Hang on, wouldn't Deezer use the 'Portal' functionality to upload pictures and music even without the permissions? I'll test it later, but piped let's an app access files you choose as a once off, without giving access to the folder permanently. That's how browsers can upload without folder permissions.

[S7venLights]

Okay, it doesn't work by default but perhaps it can be implemented.

However a possible alternative is to give a permission to a custom 📁eg: home/Music/Shared with Deezer

Then add instruction that people can create and copy files to that directory for deezer to access.

[S7venLights]

Edit, I meant to Say Portal earlier, not Piped.

As for a dedicated Deezer folder, I've tested this method and it works. Only issue (Which may just be a Deezer bug) is that it doesn't show if the files uploaded until after a restart.