This list tries to filter out recommended applications for everyday usage on Linux. It focuses on giving advice for software that follows good practices.
Whether a piece of software is actually secure has to be decided per app though, as that is a very complex task.
- Web Browser
- Mail Program
- Messenger
- Image Viewer
- Video Player
- Music Player
- PDF Viewer
- System
- Office
- Image Editing
- File Encryption
- Password Management
- Synchronisation & Backups
- File sharing
- Screen recording / Streaming
- Tools
- Windows and Android Apps
Flatpak's main purpose is to make every GUI app run on every Linux Distro.
The current state of the Linux Desktop is a mix between old reliable Software like Libreoffice & GIMP, and modern Development that focuses on Permissions, Portals, Wayland and more.
Flathub has started to get a really good security rating system, but that has not arrived in every GUI software store on your Desktop.
Also you can't sort by the rating (yet) or exclude insecure apps.
It can also be a bit overwhelming, as device access may simply be needed for a platform like a browser to be user friendly.
So this list is a collection of Apps where maybe there is no alternative yet, and/or that follow best practices.
Thunderbird
Thanks to a good campaign, Thunderbird is back on track, modernizing its old code and making the app look modern.
Thunderbird is based on Firefox ESR, just like the Tor Browser. This means we can assume it gets all security fixes of Firefox and benefits a lot from the Firefox project.
It is the only feature-complete and widely used mail program with easy support for OpenPGP, and I highly recommend learning its basics! (A PGP tutorial will be added in time).
This will have some drawbacks, and a middle way is needed that allows
- Local timezone
- Extension installs
- Calendar Event Adding
This may be possible to apply using an override, or by splitting up the hardening user.js into separate groups, depending on your use case.
The hardening configuration is derived from the Arkenfox user.js, which is a security & privacy configuration set for Firefox. As a mail program is often used differently (you only contact people you know and mostly in the same timezone), your requirements may be different.
You should not install dozens of Addons, but some are really useful.
- Thunderbird Conversations: Useful threads for mail exchange with the same person or group. Sometime in the future this will become native to Thunderbird, and this addon obsolete.
- DKIM Verifier: Very important, it shows a Warning if the mail origin may be manipulated.
- QuickText: Fill in snippets like greetings or closings
- Nextcloud Attachments: This addon allows sending attachments via your FOSS cloud storage, to work around attachment size limitations and save data. May also support password-protected file sharing (only secure when using PGP!)
Theoretically you can install most Firefox addon files manually. ("Dark Background & Light Text", "Firefox Translations" & Snowflake do not work)
Most popular messengers are way more secure than mail, phone calls or SMS. Many clients use Electron, which is a security issue because it bundles a less secure Chromium, is overly complex and doesn't respect system configs.
Fractal
- 🖥️ GTK client, native Wayland support
- 💾 no filesystem access, uses portals
- written in Rust
- adaptive UI
- not all features supported, sometimes opinionated design
Element, Syphon, Fluffychat: all Electron apps, Element may be preferred. Use Element Web if you want to avoid using Electron apps.
Dino, Gajim
- 🖥️ GTK, Wayland support
- 💾 file portal support
Official clients use Electron, Flare for Signal is not yet complete.
Mixin: outdated runtime, not well maintained
Teams, Skype, Discord, ...: none are E2EE, so your messages will be read, scanned, etc.
Telegram:
- 🖥️ not using Electron, Wayland support, well packaged
- Desktop does not support end-to-end encryption
- Telegram doesn't support E2EE group chats at all
- very secure, sandboxed SVG display, written in Rust
- nearly no features
- 💾 unrestricted filesystem access by default, but can use portals
- no saving needed because it can't do any editing
- lacks some view features like "fit image to size"
- 🖥️ GTK, Wayland support
- written in C++, probably less secure
- 💾 unrestricted filesystem access by default, can only open but not save files through the portal
- small amount of editing features you may want
- good viewing settings
- 🖥️ Qt, Wayland support
- 🖥️ MPV frontend with Wayland support
- 💾 no filesystem access, portals
- Keyboard shortcuts, fewer GUI buttons (no customization)
- customizable with standard MPV config files
- follows light/dark mode when using Adwaita dynamic theme (also on other desktops)
Example `input.conf`:
```
# Arrow keys control volume
UP add volume 1
DOWN add volume -1
# Mouse click on center pause/play
MOUSE_BTN0 cycle pause
# speed change
CTRL+UP add speed +0.1
CTRL+DOWN add speed -0.1
```
Place this file in `~/.var/app/io.github.celluloid_player.Celluloid/config/celluloid/` to allow automatic loading etc.
- 💾 minimalist filesystem permission, no portal support (opening videos through filemanager works)
- 🖥️ GTK, native Wayland support
- written in Rust
- minimalist, using gstreamer
- not yet official, but very well done
- doesn't use portals, needs broad filesystem access
- 4.x is still in Beta, bringing a new Interface (only install way currently is through the Ubuntu PPA, works through Distrobox flawlessly)
- 🖥️ no Wayland support (currently, own toolkit)
- 💾 full host filesystem access, no portal support
- very complex media suite, not only a player
- very customizable, but most extensions & themes don't work anymore
You may just use your video player. Otherwise:
- 💾 little static permissions, can use portal only for default directory
- supports Pipewire and other outputs
- feature rich, artist view, albums, no playlist support
- 🖥️ GTK, Wayland support
- 💾 Little static filesystem permissions, uses portals to open more directories or files
- No folders, playlists, ...
- best in combination with a File Manager
- 🖥️ GTK, Wayland support
- 💾 old App, static and broad permissions
- very feature rich
- native Wayland support through Qt
- hardly maintained
- 🖥️ Qt, Wayland support
Your Browser can view and even edit PDFs!
Set `pdfjs.enableScripting = false` in `about:config`.
- some editing capabilities
- 💾 completely unrestricted filesystem permissions, works perfectly without, using portal
- Internet Permission
- 🖥️ Qt, Wayland support
- 💾 has filesystem Access by default, works without, using portals
- for opening PDFs
- also for saving PDFs, but you always need to specify the location.
- 🖥️ GTK, Wayland support
⚠️ Flatseal
If you are not on KDE, this is an essential tool to manage Flatpak Permissions easily.
- 🖥️ GTK, Wayland support
- 💾 no filesystem access
- Features similar to Windows' Task Manager.
- Only needed permissions
- 🖥️ GTK, Wayland support
- 💾 only needed filesystem access
- Not needed when using KDE Discover, but useful on other Desktops.
- 🖥️ GTK, Wayland support
Displays your firmware versions. In the end nothing more than
```
fwupdmgr get-devices
fwupdmgr upgrade
```
- shows low-level details about your System and Hardware
- has minimal permissions
- 🖥️ GTK, Wayland support
- 💾 only needed filesystem access
- 🖥️ GTK, Wayland support
- 💾 some Filesystem permissions, but works completely without; uses Portals
- reported to work really well
- 🖥️ GTK3, Wayland support
- permissions get better Flatpak adaption
- 💾 no filesystem portal support currently
is the only complete Office Suite for easily editing WYSIWYG (what you see is what you get) Documents.
- huge and old codebase, Flatpak can only be installed as a bundle of all
- 💾 incompatible with portals currently (Issue)
- 🖥️ Wayland support (own toolkit)
- Modern LaTeX alternative, with easier syntax and fancy features like incremental updates
- Install locally using cargo (Rust package manager)
- Support for VSCodium is currently best
- 🖥️ CLI 💾 unrestricted, no portals
Markdown
- Many available Editors, search on Flathub
LaTeX
Good general Text Editors
- VSCodium uses a Microsoft codebase but has tracking removed. The Flatpak is unofficial and has limited features
- Kate by KDE, currently only Kwrite (a subset of Kate) is on Flathub
- Lapce: modern, but work in progress editor written in Rust, Website
You may just use PDFs for presenting, which can open everywhere.
Creating those can be done using Markdown, LaTeX and more. You may want to use Pandoc, which has no GUI and thus no Flatpak.
Otherwise, Libreoffice Impress is the best tool.
- Very similar to Libreoffice Calc, support for the same filetypes
- 💾 restricted filesystem permission but no portal support (so you need to extend it)
- 🖥️ GTK, Wayland support
Gwenview from KDE, see above
Pinta
- modern drawing app with layer support
- 🖥️ GTK, Wayland support
- 💾 very specific filesystem permissions but works entirely without, using portals for opening and saving
IMEditor
- minimal, not many features, some not finished
- 💾 no filesystem permissions, using portals
- 🖥️ GTK, Wayland support
- setting `GTK_THEME` to `Adwaita:dark` as environment variable may help with theming issues
Photoflare
- various image editing features
- 💾 unrestricted filesystem permission, works without, using portals
- 🖥️ Wayland support
Drawing
- simple elegant drawing tool
- 💾 no filesystem access, using portals
- 🖥️ GTK, Wayland support
KDE only, native app:
- Spectacle (yes the screenshot tool) has some more editing tools, this Dolphin Addon helps to use them
GIMP
- legacy application which struggles to use GTK 3
- 🖥️ currently no Wayland or portal support
- 💾 unrestricted filesystem access, no portals
Krita
- fewer image editing features than GIMP
- focused towards drawing
- 🖥️ Wayland support in progress, porting to Qt6
- 💾 replaceme
Inkscape
- modern application
- 💾 no portal support because of specific requirements, Issue report
- 🖥️ GTK, Wayland support
- optimized for encrypting cloud synced files.
- 💾 unlimited filesystem access, no portal support
⚠️ developers actively block using sandboxed config files
- 🖥️ No Wayland support yet, Issue
After opening the app once, so that it creates its directories, you can restrict the filesystem access to:
```
/home/username/.local/share/Cryptomator
/home/username/.config/Cryptomator
# and all the directories where you store the encrypted folders
```
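The restriction described above, written as a per-user `flatpak override` (an added example, not part of the original list). The app ID `org.cryptomator.Cryptomator`, the helper name `restrict_filesystem` and the vault directory `/home/username/Vaults` are assumptions.

```sh
#!/bin/sh
# Added example: build a per-user override that revokes the broad filesystem
# grants and allows only the listed directories.
# Usage: restrict_filesystem APP_ID DIR...
# Prints the command; runs it only when APPLY=1 is set.
restrict_filesystem() {
    [ "$#" -ge 2 ] || { echo "usage: restrict_filesystem APP_ID DIR..." >&2; return 2; }
    app=$1
    shift
    n=$#
    while [ "$n" -gt 0 ]; do
        dir=${1%/}          # "/" becomes empty and is refused below
        shift
        n=$((n - 1))
        case $dir in
            ''|host|home|'~'|"$HOME")
                echo "refusing broad location: ${dir:-/}" >&2
                return 1 ;;
            /*) ;;
            *)  echo "not an absolute path: $dir" >&2
                return 1 ;;
        esac
        # Rotate the checked path to the end as a --filesystem= option.
        set -- "$@" "--filesystem=$dir"
    done
    set -- flatpak override --user --nofilesystem=host --nofilesystem=home "$@" "$app"
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Assumed app ID; the first two paths are from the text above, the third is a
# hypothetical vault location.
restrict_filesystem org.cryptomator.Cryptomator \
    /home/username/.local/share/Cryptomator \
    /home/username/.config/Cryptomator \
    /home/username/Vaults
```

After applying it with `APPLY=1`, `flatpak override --user --show org.cryptomator.Cryptomator` prints the stored override for review.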
- possible replacement for KeepassXC
- 💾 using portals
- no permissions except inter-process-communication
- 🖥️ GTK, Wayland support
- 💾 unrestricted filesystem access, no portals
- 🖥️ Qt, Wayland support
- currently no support for Autotype on Wayland
- The lack of a "native messaging" portal prevents it from autofilling passwords in your browser
Bitwarden: Goldwarden
- 💾 no filesystem access, using portals
- 🖥️ GTK, Wayland support
- written in Go
- OTPClient
- Authenticator: written in Rust, using a Ruby Library
- Keysmith
- all with 🖥️ Wayland support
Note: Device Access may be wanted for password managers and OTP Generators, to access hardware keys such as
- Very configurable
- peer-to-peer Synchronisation without a Server!
- 💾 unrestricted Filesystem Access, not using Portals
- 🖥️ Wayland: Systray icon and WebUI
- 💾 unrestricted filesystem access, not using Portals: it has to be limited manually
- not an official Flatpak
- 🖥️ Electron, Wayland support
Notes:
- many local backup Flatpaks need to be configured manually!
- use Cryptomator for encryption if you don't trust your provider
⚠️ often no client at all without using Electron, `nextcloudcmd` may be available
- great cross-platform tool for filesharing over Wifi
- 💾 minimal permissions, static Download folder, no portal usage
- 🖥️ GTK, Wayland support
- modern app for filesharing over the internet
- 🖥️ GTK, Wayland support
- 💾 using portals, download folder access can be removed
- written in Rust
- complex and feature-rich recording solution, a bit bloated
- screenshare portal support
- 💾 filesystem access unrestricted, no portal support
- 🖥️ Qt, Wayland support
- filesize can often not be reduced well, ffmpeg support is not very accessible
- hardware accelerated minimalist screen recorder and streamer, best of all
- 🖥️ GTK, Wayland support using portals
- 💾 unrestricted filesystem access, no portals
- special: needs to be installed as system flatpak, relies on polkit to get elevated hardware access
- 🖥️ GTK, currently only X11 support
- 💾 default filesystem access unrestricted, but can use portal
- Wayland recording screenshare & filesystem portal
- unofficial Flatpak
Modern QR Code Scanner
- using portals
- written in Rust
- 🖥️ GTK, Wayland support
- 💾 no filesystem access
```
cd ~/.local/share/applications
# copy Desktop Entry
cp /var/lib/flatpak/app/com.belmoussaoui.Decoder/current/active/export/share/applications/com.belmoussaoui.Decoder.desktop ./
# make the App delete its storage after closing
# (Exec= is not run by a shell, so the command is wrapped in `sh -c`; `|` is the
# sed delimiter because the path contains `/`, and `&` is escaped as `\&`)
sed -i -E 's|^Exec=(.*--command=decoder com\.belmoussaoui\.Decoder.*)$|Exec=sh -c "\1 \&\& rm -rf ~/.var/app/com.belmoussaoui.Decoder"|' com.belmoussaoui.Decoder.desktop
```
An easy tool for flashing ISO images to USB flash drives
- 💾 no filesystem permissions, using portals
- written in Rust, using udisks2 from the freedesktop.org runtime
- 🖥️ GTK, Wayland support
WINE has become very popular through the work of Valve, Codeweavers and many open source contributors. But don't forget that running random Windows apps (maybe from shady sources) is a huge security risk on your otherwise secure system.
- perfectly packaged, easy to use WINE interface
- 🖥️ GTK, Wayland support
- 💾 no filesystem access, uses portals
- minimal permissions
- can install various WINE variants like Valve-proton, Proton-GE (recommended) and more to the used launchers
- 🖥️ Qt, Wayland support
- 💾 restricted static permissions to install into other Flatpak's directories
- 💾 rootful LXC container, not isolated at all
- using an outdated version of Android (Android 11, 14 is currently used)
- 🖥️ Wayland only
You may prefer using a virtual machine with BlissOS or even `qemu-aarch64` and a regular ARM image to have all apps work. There is no easy install solution currently, but that would be a huge security benefit. Running in a rootless Podman container would also be a big improvement.
Check your apps and see if you find more secure alternatives. If an app is not adapted to modern standards (and Desktops don't yet have GUI popups for filesystem access), you need Flatseal or KDE's System Settings page to restrict the permissions of the apps to your needs.
Filesystem access is especially critical, so it is important to know the locations where applications write their files, to be able to allowlist only those plus chosen locations.
Common locations for files, instead of `xdg-host`, are:
- `/home/USER` or `/var/home/USER`
- `/mnt` or `/var/mnt`
- `/run/media/USER`
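One way to check apps for the two properties this list tracks, broad filesystem access and missing Wayland support (an added example, not from the original list). The function names are hypothetical and the sample permissions are constructed.

```sh
#!/bin/sh
# Added example: flag broad filesystem access and missing Wayland support in
# the keyfile text printed by `flatpak info --show-permissions APP_ID`.
# Reads that text on stdin, prints one finding per line.
audit_permissions() {
    fs='' sockets=''
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            filesystems=*) fs=${line#filesystems=} ;;
            sockets=*)     sockets=${line#sockets=} ;;
        esac
    done
    # Entries are ';'-separated. A ':ro', ':rw' or ':create' suffix is only the
    # access mode; an entry with a leading '!' is a revocation and matches nothing.
    printf '%s\n' "$fs" | tr ';' '\n' | while IFS= read -r entry; do
        case ${entry%%:*} in
            host|host-os|host-etc|home) echo "broad-filesystem: $entry" ;;
        esac
    done
    # "fallback-x11" grants X11 only when the session is not Wayland, so only
    # a plain "x11" socket without "wayland" is reported.
    case ";$sockets;" in
        *';wayland;'*) ;;
        *';x11;'*) echo "x11-only" ;;
    esac
    return 0
}

# Run the check over every installed app (needs flatpak; not called here).
audit_installed() {
    flatpak list --app --columns=application | while IFS= read -r app; do
        flatpak info --show-permissions "$app" | audit_permissions | sed "s|^|$app: |"
    done
}

# Constructed sample in the shape of `flatpak info --show-permissions` output.
sample='[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
devices=dri;
filesystems=host;xdg-run/pipewire-0;'
printf '%s\n' "$sample" | audit_permissions
```

Apps reported by `audit_installed` are the ones to restrict in Flatseal or with `flatpak override`.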
You can also test Wayland support when it is still experimental and report bugs.
Improve the permissions of apps you use, and help packagers improve them!