Assign apps a safety rating using an at-a-glance "safety scorecard"
This idea was inspired by something I saw in https://www.youtube.com/watch?v=j0IhajCNs14, which is quite a relevant take on Linux app deployment.
Anyway, the idea is to replace the current mishmash of metadata relating to an app's license and permissions with a simple "Safety scorecard" UI, with expanded information available on a separate page/sheet for people who want to know all the nitty-gritty details. License and permissions are quite technical and my sense is that most users don't really want to dive into this stuff; they would benefit from a higher level safety scorecard that provides at-a-glance information. If we do this, we could relocate the sections about the app's license and permissions to the nerdy expanded view, saving space on the main page and making its information simpler and more relevant.
In essence, we would rate apps on a scale of safety from 0 to 3 points:
- 3 points: Maximum safety
- 2 points: Safe*
- 1 point: Possibly unsafe
- 0 points: Unsafe
Points would be awarded like so:
- +1 point: all licenses are FOSS (0 points if the app has any proprietary licenses)
- +1 point: sandboxed (0 points if it's not sandboxed, or if it's got such broad permissions that the sandbox is effectively escaped, e.g. full read/write filesystem access in a Flatpak)
- +1 point: packaged by the developer, a member of the developer's organization like the KDE release team, or a trustworthy 3rd-party packager like the user's distro (0 points if the app has been packaged by a random person in a PPA, OBS repo, Flathub package from an internet rando not endorsed by the developer, etc)
Over time we could potentially refine this and add more criteria too.
For apps listed as "Possibly unsafe" or "Unsafe," the simple view would list, in a short bulleted list, the factors that are causing Discover to rate the app badly.
*The reason for 2 out of 3 points being listed as "Safe" is that you really need a combination of at least 2 of the above issues to result in a real problem. For example if an app is not sandboxed, but it's FOSS and packaged by a trustworthy packager, the fact that it has full access to your system is probably not a significant issue. Likewise, a proprietary app that's sandboxed and packaged by someone trustworthy has been checked out and at least contains a means for the user to restrict its activities via the sandbox.
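As an added illustration (not Discover's code, and not part of the original proposal), here is the scoring scheme above implemented end to end, including the "sandbox effectively escaped" check and the list of factors shown for badly rated apps. The set of broad Flatpak permissions, the trusted packager identifiers and the "LicenseRef-proprietary" license marker are assumptions made for the example, not rules from the proposal.

```python
from dataclasses import dataclass, field

LABELS = {3: "Maximum safety", 2: "Safe", 1: "Possibly unsafe", 0: "Unsafe"}
# Assumption: packager identities the proposal would treat as trustworthy.
TRUSTED_PACKAGERS = {"developer", "developer-org", "distro"}
# Assumption: Flatpak permissions broad enough to effectively escape the sandbox.
# Read-only variants (":ro") are not counted as full read/write access.
BROAD_PERMISSIONS = {"filesystem=host", "filesystem=host-os", "filesystem=home", "device=all"}


@dataclass
class App:
    name: str
    licenses: list[str]
    sandboxed: bool
    permissions: list[str] = field(default_factory=list)
    packager: str = "unknown"


def is_foss(license_id: str) -> bool:
    # Assumption: SPDX-style ids; proprietary licenses are marked "LicenseRef-proprietary".
    return not license_id.lower().startswith("licenseref-proprietary")


def sandbox_escaped(permissions: list[str]) -> bool:
    # "filesystem=host:ro" splits to "filesystem=host" but is excluded by the ":ro" suffix.
    return any(p.split(":")[0] in BROAD_PERMISSIONS and not p.endswith(":ro") for p in permissions)


def score_app(app: App) -> tuple[int, str, list[str]]:
    """Return (points, label, problems); problems explains each withheld point."""
    points, problems = 0, []
    if app.licenses and all(is_foss(lic) for lic in app.licenses):
        points += 1
    else:
        problems.append("Has a proprietary license (or no license information)")
    if app.sandboxed and not sandbox_escaped(app.permissions):
        points += 1
    elif app.sandboxed:
        problems.append("Sandboxed, but its permissions effectively escape the sandbox")
    else:
        problems.append("Not sandboxed")
    if app.packager in TRUSTED_PACKAGERS:
        points += 1
    else:
        problems.append(f"Packaged by an unendorsed third party ({app.packager})")
    return points, LABELS[points], problems


if __name__ == "__main__":
    # Constructed sample apps, one per rating tier.
    for app in (App("editor", ["GPL-2.0-or-later"], True, ["filesystem=host:ro"], "developer-org"),
                App("player", ["LicenseRef-proprietary"], True, ["share=network"], "distro"),
                App("tool", ["MIT"], True, ["filesystem=home"], "flathub-rando"),
                App("blob", ["LicenseRef-proprietary"], False, [], "ppa-user")):
        print(app.name, *score_app(app))
```

Each app's output pairs the numeric score with the label and, for the lower tiers, the bulleted factors the simple view would show.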