All apps uploaded to the Snap Store undergo automatic testing, including a malware scan. However, Snap apps do not receive the same level of verification as software in the regular Ubuntu archives. In one case in May 2018, two applications by the same developer were found to contain a cryptocurrency miner which ran in the background during application execution. When this issue was found, Canonical removed the applications from the Snap Store and transferred ownership of the Snaps to a trusted third-party which re-published the Snaps without the miner present. Although the Snap sandbox reduces the impact of a malicious app, Canonical recommends users only install Snaps from publishers trusted by the user.
That disqualifies it as a general recommendation.
At time of writing, chromium in snapstore was from publisher Canonical with a green arrow standing for verified account.
Installation of snap by default in Whonix and/or Kicksecure might encourage installation of packages using snap. Would be hard to educate users “but please only use snap for chromium or other applications from trusted publishers”.
Probably best to find a more solid all around choice.
[because of its history,] the Snap store now integrates with other areas of the Canonical infrastructure. So the Snap store isn’t a single thing. It’s not like this one piece of software that you can easily decouple from the rest of the machinery that powers the infrastructure at Canonical. So we can’t just pull it apart and separate it and say, “Here you go, here’s the open source Snap store.”
Canonical is doubtful that this investment would be worth it because of what happened with Launchpad. Although they invested significant resources in open sourcing Launchpad, there is still only one instance of Launchpad running and they have not received any significant contributions from non-Canonical employees.
Interestingly, Canonical actually released an open-source prototype Snap store backend a few years ago, but there was very little interest from the community in actually maintaining and running a second Snap store, so the project bit-rotted and became incompatible with the current Snap protocol.
It links to this:
TechRepublic: Community members have expressed concern about the Snap server being proprietary software. What would be needed for a third party to operate its own Snap server, if it wanted to do so?