Take any article from five years ago with a grain of salt. A lot more measures have been put into place, but I’m sure others will answer this to put your mind at ease. Also remember, blogs and media like to over-sensationalize to drive those clicks. So even though it did exist, it was found rather quickly and taken care of.
With that, let’s not be alarmist and think this can still happen. I am, however, going to defer to the experts on this.
The most recent publicized case of concern around software in the Snap Store was a couple of months ago:
Although the implementations are very different, it might also be interesting to read about some of the dialogue surrounding security concerns for Flatpak, just for perspective on the whole topic of sandboxed apps:
I’m curious, what kind of policy would you think is fair for outdated snap packages?
Note that this isn’t a random person publishing a random application. This is the application developer themselves that published the app. Yes it appears broken but does that give Canonical the right to remove the application from the store without the app developer’s consent? I’m not taking any sides here, I’m just giving some context for why there isn’t an immediately obvious correct solution to this problem.
So what would you propose? At what point is Canonical allowed to modify/remove a snap without the owner’s consent, and how would such a process go?
It’s broken, it’s useless and the developer didn’t take care of it. So, the maintainer of the store should have the right to step in when such a case appears. Depending on the application, a broken app can have “malicious” consequences as well, even if not intentionally.
The store can notify the developer of course, given that the dev has valid contact details. That is also enough. The approach does not have to be different from any other app store and it needs to be strict enough to be trusted. Be strict, be clean!