Haroopad is a markdown editor, I downloaded it from this website:
http://pad.haroopress.com/user.html => haroopad-v0.13.1-x64.deb (minutes ago it was still the current version)
I’m on Ubuntu Linux 18.04.
By having AppArmor scan related events in the log file, I find plenty I’m unable to evaluate, such as accesses to ~/.Private/ECRYPTFS_<long hash codes>…
The filesystem encryption gets unlocked at boot time of course.
So far I haven’t seen anything like that in the few other apparmor profiles I’ve gone through, e.g. Firefox and Thunderbird, but I didn’t make them from scratch either, I just added a few lines.
Could I have downloaded a compromised package? (I don’t see any signatures of the developers on that page that might serve to verify the package integrity.)
Or maybe those events are just fine and have nothing to do with any attempt of exploiting anything.
Does anybody more knowledgeable have a suitable profile for this app?
Or can anybody more knowledgeable give it a try with AppArmor?
Also, I might be excessively suspicious because I’ve found mention of the Haroopad markdown editor on some Steemit posts inviting to use Haroopad to format Steemit posts. Users log into Steemit by mean of private keys that - as far as I know - might give access to some extent to the crypto wallet associated to their Steemit/DTube accounts.