That's an added layer of protection but it's hardly foolproof. A malicious game/app can still:

* Exfiltrate personal data from allowed Flatpak directories
* Steal data you intentionally open via portals (e.g., documents, password files, wallet backups)
* Store malware or persistence files inside the Flatpak sandbox
* Use network access to phone home data or join botnets
* Abuse CPU/GPU for crypto mining
* Delete or modify files in your home directory if granted --filesystem=home
* Read browser cookies, auth tokens, SSH keys, cloud credentials if home is exposed
* Install persistence via ~/.config/systemd/user/ services
* Global keystroke logging on X11
* Screenshot entire desktop on X11
* Inject fake input events to the system (mouse/keyboard) on X11
* Record screen via portals if user once granted permission
* Gain full FS access if granted --filesystem=host
* Abuse DBus to change system settings or trigger polkit actions
* Install software outside the sandbox (e.g., ~/.local/bin or autostart scripts)
* Interact with hardware via /dev if granted --device=all
* Trigger kernel or driver privilege-escalation vulnerabilities
* Load or execute unsafe third-party mods, DLLs, or anti-cheat binaries
* Malicious patchers or mod loaders downloading external payloads
* Replace shell history or alter aliases to hide malicious activity
* Encrypt local or network-mounted files (ransomware)
* Spread laterally via stolen SSH keys to other machines
* Manipulate GPU/driver calls for rootkit-like persistence
* Abuse Wine/Proton compatibility layers to escape sandbox using native loaders
* Modify dotfiles (.bashrc, .profile) for stealth persistence
* Abuse LAN trust to attack other devices on the network
* Disrupt system performance via thermal abuse (extreme sustained loads)
* Exfiltrate browser sessions or wallet seeds stored in plaintext
* Execute background processes whenever game is launched without user awareness
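As an added example (not part of the comment above and not Flatpak's own tooling), this Python audit reads a Flatpak permissions keyfile and flags the grants the list names: `--filesystem=home`, `--filesystem=host`, `--device=all`, X11 and network. The app `org.example.Game` and its metadata are constructed, and `RISKY` and `audit` are hypothetical names.

```python
import configparser

# Grants named in the list above, mapped to the risk each one opens.
RISKY = {
    ("filesystems", "host"): "whole host filesystem visible",
    ("filesystems", "home"): "home directory: dotfiles, SSH keys, browser data",
    ("devices", "all"): "all device nodes under /dev",
    ("sockets", "x11"): "X11: keystrokes, screenshots, input events",
    ("shared", "network"): "network: data can leave the machine",
}

# Constructed sample in Flatpak's metadata keyfile format (not a real app).
SAMPLE = """\
[Application]
name=org.example.Game

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home:ro;xdg-download;!host;
"""

def audit(metadata_text):
    """Return (key, grant, risk) tuples for risky [Context] entries."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case as written
    cp.read_string(metadata_text)
    findings = []
    if not cp.has_section("Context"):
        return findings
    for key, raw in cp.items("Context"):
        for grant in filter(None, (g.strip() for g in raw.split(";"))):
            if grant.startswith("!"):
                continue  # "!x" removes a permission (seen in overrides)
            base, _, mode = grant.partition(":")
            risk = RISKY.get((key, base))
            if risk:
                if mode == "ro":
                    risk += " (read-only still allows reading secrets)"
                findings.append((key, grant, risk))
    return findings

if __name__ == "__main__":
    for key, grant, risk in audit(SAMPLE):
        print(f"{key}={grant}: {risk}")
```

To check an installed app, pass the output of `flatpak info --show-permissions <app-id>` to `audit()` in place of the sample.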