Ubuntu Grants Users More Control with Enhanced App Permission Prompts

Ubuntu has taken a significant step forward in user privacy and control by revamping its app permission prompting system, particularly for Snap packages. Inspired by the familiar modal pop-ups on Android and iOS, the new feature lets you grant hardware and system access to apps on the fly—right when they need it—rather than dealing with static, post-install settings. Canonical’s Oliver Calder detailed the changes, emphasizing a design that “empowers users” through real-time decisions. Below, we break down how this works, why it matters, and what it means for desktop security.

What is the latest improvement to Ubuntu’s app permission prompting feature?

Ubuntu’s recent update supercharges the permission prompt system for Snap applications. Previously, granting access to your camera, microphone, or file system often involved digging into system settings after installation. Now, when a Snap app first requests a sensitive resource—like your webcam—a clear, non-blocking dialog appears on your desktop, asking if you want to allow or deny the request. You can even choose “only while using the app,” mirroring the granularity found on mobile platforms. This shift from retrospective to runtime permission management puts you in the driver’s seat, making security decisions more intuitive and timely. The change was announced by Canonical’s Oliver Calder, who highlighted that the goal is to make users feel confident and in control without sacrificing ease of use.

Ubuntu Grants Users More Control with Enhanced App Permission Prompts — Source: www.omgubuntu.co.uk

How does the new runtime permission model differ from previous approaches?

Older versions of Ubuntu relied on static permissions—you’d grant broad access during Snap installation or later through the Software Center, and the app kept those rights until you manually revoked them. This all-or-nothing approach often led to apps hoarding permissions they didn’t need. The new model flips that: permissions are requested at runtime, meaning the app only gets access when it’s actively using the resource. For example, a photo editor can ask for your camera only when you click “take a photo,” not from the moment it launches. This reduces attack surface and respects your privacy. Additionally, the prompt now offers “deny” and “allow only while using the app” options, which were missing in earlier designs. The change aligns Ubuntu’s desktop experience with the security standards we’ve come to expect from smartphones.

Why is Canonical focusing on permission prompts for desktop Linux?

Canonical sees runtime permission prompts as a cornerstone of modern operating system security. Desktop Linux has historically lagged behind mobile platforms in this area, often assuming that anything installed by the user can be trusted. However, as Linux gains popularity and apps become more complex, that assumption no longer holds. By introducing granular, real-time prompts—especially for Snap packages—Canonical wants to make Ubuntu safer for everyday users without requiring advanced security knowledge. Oliver Calder explained that the goal is to “empower users” by giving them clear, actionable choices at the moment a resource is needed. This approach also makes it harder for malicious or misbehaving apps to silently exfiltrate data. It’s a proactive step that bridges the gap between desktop freedom and mobile-style privacy controls.

How do these prompts compare to those on Android and iOS?

The new Ubuntu prompts are remarkably similar to the permission dialogues found on Android and iOS. Like those mobile systems, when an app needs access to a sensitive function—say, the camera or location—a modal window appears with options to “allow,” “deny,” or “only while using the app.” There’s also a clear explanation of what the app is requesting. However, there are notable differences. On mobile, prompts are tied to a single user and often have persistent “Don’t ask again” options. Ubuntu’s implementation is desktop-focused, meaning it interacts with window managers and may need to handle multiple app instances. Also, because Ubuntu uses Snap’s sandboxing, permissions are enforced at a system level without relying on the app’s good behavior. Overall, while the concepts are identical, Ubuntu adapts the pattern to suit a multi‑window, multi‑tasking environment.

What types of permissions can users now grant at runtime?

The update covers a broad set of sensitive hardware and system resources. Users can expect prompts for camera, microphone, location, file system access (particular folders like Pictures or Documents), network services (e.g., Bluetooth), and system interfaces like the webcam indicator LED. The list is intentionally similar to mobile permissions, covering anything that could compromise privacy or security if abused. Notably, Snap packages must declare these permissions in their manifest, and the prompt only appears when the app first tries to access the resource after installation. This ensures transparency—you always know exactly when an app is reaching for something sensitive. Canonical plans to expand this list over time, potentially covering additional device classes such as USB peripherals or GPU features. For now, the core set gives users meaningful control over the most common privacy‑sensitive actions.

How does this feature enhance user security and privacy?

Runtime permission prompts create a strong security layer because they force apps to justify each access in real time. Without this, an app could silently record audio or scan your files in the background, and you’d never know. Now, every sensitive action triggers a dialog, so you can immediately block anything suspicious. The “only while using the app” option also prevents apps from hoarding permissions when they’re minimized. This reduces the attack surface: even if a Snap package is compromised, the attacker can’t automatically access your camera or microphone without triggering a prompt. Additionally, because Snap’s sandboxing enforces the decision, a user’s choice is enforced by the system, not by the app itself. For typical desktop users, this means stronger protection against spyware, adware, and negligent app behavior, all without needing to delve into complex security panels.

What are the potential downsides or challenges with this system?

While the improvements are welcome, they come with a few caveats. Frequent permission prompts can become disruptive if a user interacts with many apps that request access repeatedly. Although the system remembers your choice for the current session, apps that legitimately need persistent access—like a video conferencing tool—might still annoy you if you keep closing and reopening it. Additionally, the feature currently only works with Snap packages; traditional DEB or Flatpak applications do not benefit from runtime prompts, creating a fragmented experience. There’s also a learning curve for users accustomed to the older “install and forget” model. Finally, as with any prompt, there’s a risk of “permission fatigue” where users click “allow” without reading the details. Canonical is aware of these issues and is reportedly working on smarter defaults, such as automatically granting permissions to trusted app stores while still giving users oversight.

Will this system be extended to non-Snap packages in the future?

Canonical has not announced plans to bring runtime permission prompts to DEB or Flatpak packages, primarily because those packaging systems lack the mandatory sandboxing that makes such prompts enforceable. For the feature to work reliably, the system must be able to intercept resource requests and block them unless the user explicitly allows it—something only Snap’s confinement model guarantees. However, the company is actively exploring ways to improve permission management across the board. One possibility is tighter integration with Ubuntu’s desktop environment, enabling a unified permission manager that can track and revoke access for all apps, regardless of package format. Another avenue is encouraging more app developers to adopt Snap. As user expectations evolve, Canonical may eventually extend similar controls to other package managers, but for now, Snap remains the primary focus due to its technical advantages in access control.