> For starters, it's the application that has to ask to be sandboxed
Are you sure about this? My belief was that all flatpak apps run inside a bubblewrap (bwrap) sandbox. I just checked and that's exactly how it runs for me.
> so if I were to make a malicious flatpak I will just ask for full file system access or d-bus.
This is done at install time. The application inside the flatpak can't change it on its own. Reputed repositories like Flathub check the permissions and flag them if they are too broad. And you can also change it using something like FlatSeal. This is almost the same permissions model followed by Android.
Are you sure about this? My belief was that all flatpak apps run inside a bubblewrap (bwrap) sandbox. I just checked and that's exactly how it runs for me.
> so if I were to make a malicious flatpak I will just ask for full file system access or d-bus.
This is done at install time. The application inside the flatpak can't change it on its own. Reputed repositories like Flathub check the permissions and flag them if they are too broad. And you can also change it using something like FlatSeal. This is almost the same permissions model followed by Android.