There are some security issues with snaps in Ubuntu, this is one example: https://ubuntu.com/security/notices/USN-5292-1. This is how to remove snaps from Ubuntu if you wish.
Firstly, update your package repositories.
~$ sudo apt update |
Remove all snapd, all installed snaps and the Software Center plugin (Don’t forget to save any data related to the snaps you use, such as your Firefox bookmarks).
~$ sudo apt autoremove --purge snapd gnome-software-plugin-snap |
Delete snap cache.
~$ sudo rm -rf /var/cache/snapd/ |
Create APT preference to prevent reinstallation of snaps.
cat <<EOF | sudo tee /etc/apt/preferences.d/nosnap.pref # To prevent repository packages from triggering the installation of Snap, # this file forbids snapd from being installed by APT. Package: snapd Pin: release a=* Pin-Priority: -10 EOF |
Software Center was removed with snapd, but you may install Gnome Software Center, or Synaptic if you’d like to retain a GUI installer on your system– or simply use APT in the terminal.
Install Flatpak.
~$ sudo apt install flatpak |
Add Flathub repositories.
~$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo |
To install Chromium as a Flatpak:
~$ sudo flatpak install chromium |
To install Firefox as a Flatpak:
~$ sudo flatpak install firefox |
To install Firefox ESR from the Ubuntu repositories.
~$ sudo apt install firefox-esr |
Install Firefox as a Debian package.
~$ echo "deb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main" | sudo tee -a /etc/apt/sources.list.d/ubuntuzilla.list > /dev/null |
~$ sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 2667CA5C |
To uninstall Firefox
~$ sudo rm /etc/apt/sources.list.d/ubuntuzilla.list ~$ sudo apt autoremove --purge '*firefox*' ~$ sudo apt update |
To install Brave web browser.
~$ sudo apt install apt-transport-https curl ~$ sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg ~$ echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list ~$ sudo apt update ~$ sudo apt install brave-browser |
The goal here isn’t to debloat, it’s to remove an actual security vulnerability if you’re too impatient to wait for snapd upstream and Canonical to push an update to fix it. It’s a local limited-user-to-root privilege escalation, so if that’s a serious issue for you, replacing Snap with Flatpak is a reasonable thing to do since they do similar things and Flatpak doesn’t have this vulnerability. For the moment, I’m going to recommend blocking the installation of the Snap repository and only allowing you to install Snapcraft (and flatpack) as an exception because the process has been broken by bug 162816, which is something that is unlikely to be fixed soon enough so the use of Snap repositories should be limited. Note: this is not the kind of issue you want to be fixed right now since it affects non-Canonical systems, but that will be resolved in the next upstream version, so it should be resolved asap. It is worth noting that this isn’t due to a flaw in snapd, but to a flaw in Ubuntu Core 18.04 LTS.
On February 12, a new version of snapd will be released and it has already been deployed on the Ubuntu Core 18.04 LTS. It has security fixes and is a major update, so it’s better to wait for that. This is the only security issue we know that’s related to the snapd project. The problem is more general to all the distribution systems that can be compromised through limited user privileges.
I don’t care about removing the possibility of having the limited-user-to-root privilege escalation. I don’t care about Flatpak, and most things you use will be under much tighter security management than Snap does. You don’t need Flatpak for games or for software you need to keep it under control. And, you are in my personal opinion the much better end-user, and potential target of a vulnerability if someone gains root than the Linux and Android system in question. As for the “fixing” of that vulnerability, you probably want to be better informed before you say anything negative about the possibility to have your own binary version of a piece of software to install with limited user permissions than you would be for an official Snap that doesn’t have this vulnerability. What you should probably do is wait for the official version to be released and then install it.