Snapcraft temporarily suspends automatic Snap registrations due to security incident

Snapcraft, the Linux app store managed by Canonical, has temporarily suspended automatic Snap registrations. This move was announced by developer advocate Igor Ljubuncic on Canonical's Snapcraft forum three days ago following a reported security incident.

On September 28, 2023, the Snap Store team was alerted to a potential security threat after several snap users reported recently published snaps that were potentially malicious. In response, the Snap Store team immediately removed these snaps, making them no longer searchable or installable.

In addition to this, a temporary manual review requirement has been implemented for all new snap registrations. This requirement means that anyone attempting to register a new snap will be prompted to “request reserved name”. The name will then be registered following a successful manual review by the Snap Store staff. However, this requirement will not impact the uploading and releasing revisions for existing snaps.

The Snapcraft team has stated that their goal is to “thoroughly investigate this incident without introducing any noise into the system” to ensure users continue to have a safe and trusted experience with the Snap Store.