Introduction
Ubuntu has significantly enhanced its app permission prompting system, bringing it closer to the intuitive runtime controls found on Android and iOS. Instead of granting broad, permanent permissions during installation, you can now decide access rights on the fly—when an app actually needs to use your camera, microphone, or files. This guide walks you through everything you need to know to take full advantage of this snap-based security improvement. By following these steps, you'll gain fine-grained control over which apps can access sensitive system resources, boosting both privacy and security.
What You Need
- A computer running Ubuntu 24.04 LTS or later (or any version with snapd v2.60+).
- An active internet connection to install or update snap packages.
- Basic familiarity with the Ubuntu desktop environment (opening apps, clicking buttons).
- Optional: A snap-based app that requests permissions (e.g., a messaging app needing camera access).
Step-by-Step Guide
Step 1: Check Your Ubuntu Version and Snapd
First, ensure your system supports the latest permission prompts. Open a terminal (Ctrl+Alt+T) and run:
lsb_release -aYou should see Ubuntu 24.04 LTS or newer. Then verify snapd version:
snap versionIf snapd is older than 2.60, update it with:
sudo snap install coreThis step ensures the permission prompt service (snapd.apparmor and snapd.notify) is active.
Step 2: Install a Snap-Based App That Requests Permissions
To test the new prompts, install a snap that uses hardware or system resources. For example, install Firefox (if not already installed) or a camera app like Cheese:
sudo snap install firefoxOnly snaps packaged with explicit permission requests will trigger prompts. Classic deb packages and Flatpaks don't use this system. You can browse the Snap Store for apps that declare uses of camera, microphone, home (file access), or network.
Step 3: Launch the App and Trigger a Permission Request
Open the installed app from your launcher or terminal. When the app tries to access a protected resource (for example, Firefox accessing the camera for a video call), a modal dialog will appear. This is the runtime permission prompt—it looks like a small window with the app name, the requested resource, and options to Deny or Allow. You might also see “Only while using the app” for some resources.
If no prompt appears, the app may already have implicit permissions or hasn't requested that resource yet. Try performing an action that requires that permission (e.g., start a video call).
Step 4: Grant or Deny Permissions at Runtime
When the prompt appears, decide:
- Allow: Grants access for the current session only (the app can use the resource until you close it).
- Deny: Blocks access entirely; the app may show an error or degrade gracefully.
- If available, “Only while using the app” allows access only when the app is in the foreground.
After closing the app, the permission resets. The next time you launch the app and it needs that resource, you'll be prompted again. This is the key improvement: no permanent grant means you stay in control.
Step 5: Review and Manage Previously Granted Permissions
You can see which permissions have been allowed or denied for each snap. Open Software (Ubuntu's app store) or use the command line:
snap connections Replace <app-name> with the actual snap name (e.g., firefox). This lists all interface connections, including those granted or denied via prompts. To revoke a permission manually, use:
snap disconnect : For example, to disconnect camera access from Firefox: snap disconnect firefox:camera. This will force a new prompt next time the app tries to use that interface.
Step 6: Enable or Disable the Permission Prompt System
By default, prompts are enabled for all snaps that declare the permissions-control interface. If you want to disable prompting (not recommended), you can change the global setting:
sudo snap set core experimental.permissions-control=falseTo re-enable, set it to true. Note that this affects all snaps. You can also configure per-snap permissions by editing /var/lib/snapd/desktop/autostart/*.desktop—but that's advanced and best left for troubleshooting.
Step 7: Troubleshoot Missing Prompts
If you expect a prompt but don't see one, check the following:
- Is the app a snap? Run
snap listto confirm. - Does the snap declare the needed interface? Look at its permissions in the Snap Store.
- Is the
snapd.notifyservice running?systemctl status snapdshould show active. - Some interfaces (like network) are auto-connected and don't prompt. Only sensitive ones (camera, microphone, home) trigger prompts.
If problems persist, restart snapd: sudo systemctl restart snapd.
Tips for a Smooth Experience
- Stay updated: Keep your Ubuntu release and snapd up to date to receive the latest prompt improvements.
- Be selective: Only allow permissions when you actively trust the app and need the function. Denying rarely breaks core features—apps should handle denial gracefully.
- Use 'Only while using the app' whenever possible for camera and microphone to prevent background spying.
- Check app behavior: If an app misbehaves or requests unexpected permissions, revoke them immediately using the
snap disconnectcommand. - Remember the prompt disappears: If you close the prompt without choosing, it defaults to deny. You can rerun the app to trigger it again.
- For developers: If you package your app as a snap, declare the
permissions-controlinterface and add appropriate permission requests to your snap's metadata. This ensures users see your prompts.
By mastering these steps, you can enjoy a more secure and privacy-respecting Ubuntu experience, exactly as Canonical intended. The runtime permission model puts you in charge, one prompt at a time.