I don't like installing apps outside my distro's official repositories.
Linux's security relies a lot on having a repository meticulously curated and tested for library compatibility with current distro version, stability and security.
Once I installed, from outside repos, a fancy terminal emulator that mimicked retro green/amber phosphor monitors. This app wreaked havoc in my system and I had to reinstall Ubuntu.
I hesitate a lot about using PPAs as well.
I only trust very few external sources, PPAs or packages downloaded from websites.
But now Snap and Flatpak seems to be all the rage in Ubuntu-specialized sites.
- Is it safe to install Snap apps or Flatpak apps?
- Are there official repos for such?
- How is stability taken cared of with this non-apt stuff?
Snaps have the https://snapcraft.io/ repo. This is run by Canonical, the same people that build Ubuntu.
Flatpaks have an official repo at https://flathub.org/ . Flatpaks were developed by Redhat but I don't know if they manage the flathub repo or not.
Stability
The stability of the individual packages, of course, rely on the quality of the build and are at the mercy of the maintainer.
Both flatpaks and snaps are built completely using the dependencies they need inside a sandbox but both handle this a little differently
Snaps build a mount point and the system mounts the program archive and runs it from there.
Flatpaks are built in
/var/flatpak/
for system-wide (global) installs and in~/.var/app
on the local side. It mounts those and runs them.The good news about stability is that if you get a wonky application in either it is contained and will not make the rest of your system unstable by installing libraries that cause conflicts with other installed apps.
Both are self-contained applications with all the needed information to run. This is what makes this distro-agnostic and allows them to be installed on any Linux system that supports them (flatpak or snap)
Security
This is a little more ambiguous.
Snaps only have the official repo. There was one reported case of malware getting into the repo but it was caught quickly and removed. It was cryptocurrency mining software that would send some mined currency back to the app maintainers without the users knowledge. Even with that there was no other ill effect from the app and AFAIK, it was unable to access the home folder of the user.
Flatpaks: If you use the official repo it should have about the same security as Snaps, nothing is perfect but anything that makes it in will be very quickly noticed and removed if it is malware and made it past the initial submission review.
I would personally doubt that anything overtly malware like a virus would make it into either Snap's or Flatpak's repos and anything with sneaky unwanted behavior like the aforementioned cryptocurrency mining app would stay in very long.
Overall I would say that both are safe but neither is as inherently safe as the official Ubuntu sources, but this goes for PPAs as well. Adding any sources outside of Ubuntu's official sources is not quite as safe.
I do have to add a caveat here, there are other Flatpak repos out there. Most of these are for legitimate programs that just want to host their own repo rather than use flathub. Those are completely outside any quality control of flathub and should only be added if you trust the developers of the program. This would also go for adding snap repos but I don't think that at this time there are any but the official Snap repos.
As to the whether or not flatpaks and snaps are safe to install
Overall that are safe as long as you stick to the official repos, look over the description of the packages you want to install and don't install anything that looks even a bit shady.
Both are a great way for users to have a safe (as safe as can be expected outside a distro's official package sources) way to install software that are not available any other way and have them "just work".
For example, I have Spotify installed as a Snap and Teamspeak 3 installed as a flatpak. While Spotify is available via a ppa, using a snap allows me to avoid cluttering apt with PPA that I can avoid using.
Teamspeak would only be available for me with a .run that unpacks the folder and then you put the extracted folder in your home directory and click on the sh file or use the command line to start. While I did this before and then made a desktop launcher to launch it for me then added that launcher to my
~/local/share/applications
folder to launch it. It was so much easier to just install the Flatpak in one step and have it work.To address that part of your lead up to your question:
I would suspect that reason the PPA completely hosed your Ubuntu install is because it brought in newer libraries as dependencies that your native programs were unable to use or overwrote your installed libraries with older ones that were too outdated to be used by your native Ubuntu.
The good thing about both snaps and Flatpaks is that they will bring in any libraries they need to run inside their own folders. Snaps and Flatpaks are self-contained and will not touch any of your system files or libraries.
The disadvantage to this is that the programs might be bigger than a non snap or Flatpak version but the trade off is that you don't have to worry about it affecting anything else, not even other snaps or Flatpak. If the app is broken because it brought in bad libraries or for any other reason you just uninstall it and it is completely gone.
It's very different for different apps. You can find good and well maintained apps:
But there are much garbage, outdated or insecure apps
Before install app you have to check author, current version/last update for snap version and same things for mainstream version, permissions (it may be "Classic" app with all dangerous permissions).
Same things for PPA, they are not any trusted quality control.