If you’ve been managing Linux desktops lately, you’ve noticed the old “just use the distro’s package manager” playbook has developed cracks. Flatpak, Snap, and AppImage are all trying to solve the same problem — how to ship software that works the same way everywhere — but they’ve each chosen different paths through the forest, with wildly different philosophies about security, updates, and where your app is allowed to live.
Flatpak is the desktop community’s favorite, complete with Flathub marketplace approval and a sandboxing model that actually respects your freedoms. Snap is Canonical’s mandatory hammer on Ubuntu, beloved by server folks for CLI tools, and despised by desktop users who got tired of waiting 10 seconds for their text editor to start. AppImage is the “no installation, no dependencies, just run it” poster child — which sounds perfect until you realize “no install” also means “no updates, no uninstall, and nobody knows where you put the damn thing.”
Here’s how to pick the right one for what you’re doing.
The Sandbox Model: What Actually Happens When You Install
The philosophies diverge immediately when you ask: “Who decides what this app can access?”
Flatpak: Bubblewrap sandboxing with portals. Flatpak wraps your app in bubblewrap (literally bubblewrap, a small namespace isolation utility from Flatpak’s authors) and enforces strict boundaries on filesystem access, network, and system calls. Your music app doesn’t need to read your SSH keys, so it doesn’t get permission to. By default, Flatpak apps see a minimal filesystem: their own app directory, an isolated home ~/.var/app/org.appname/home/, and not much else.
Permission boundaries are enforced through a “portal” system — if your app needs to access a real file on your actual disk or send you a desktop notification, it goes through a portal daemon that checks the permissions manifest. This is security-conscious by default. The permission model is explicit: you look at a YAML file and see exactly what the sandboxed app is allowed to touch. If an app’s Flatpak manifest requests filesystem: home, you’ll see it. If it doesn’t, it can’t.
Snap: AppArmor confinement. Snap leans on AppArmor (a Linux Mandatory Access Control framework) to constrain app behavior. Snaps are confined by default, which sounds good on paper — except Canonical’s philosophy is “all snaps should be installable from the Snap Store without friction,” which means most snaps get broad permissions like home: read to make installation frictionless. A confined Snap still has fairly broad access unless you actively lock it down.
The permission model is there, but the cultural pressure is toward permissiveness. A Snap can request plugs (permissions) that define what it can access, and on the desktop, you get a prompt asking if you want to allow it. But the default stance is “let’s not break the app” rather than “let’s only give it what it needs.”
AppImage: No sandbox, just a file. AppImage doesn’t sandbox at all. It’s a single executable file that extracts itself to a temp directory and runs with the same permissions as the user who launches it. No access controls, no permission boundaries, no portal system. Your AppImage has full access to everything your user account can touch — your Documents, your .ssh folder, your entire home directory, every mounted filesystem.
This is why AppImage is fast and portable: there’s no security overhead. It’s also why if you’re installing an AppImage from a random GitHub release, you should inspect what it’s doing before running it.
Install, Uninstall, and “Where Does This Live?”
Where your app physically lives on disk tells you a lot about how it works and how hard it is to get rid of.
Flatpak: Central registry, Flathub. Most Flatpaks come from Flathub, the community marketplace. Installing a Flatpak is dead simple:
flatpak install flathub org.gnome.CalendarFlatpak maintains a central registry in ~/.local/share/flatpak/ (user-level) or /var/lib/flatpak/ (system-wide). The app data, runtime dependencies, and configuration all live there. Uninstalling removes everything:
flatpak remove org.gnome.CalendarThis is clean and central. You know where everything is. Your distro doesn’t matter — a Flatpak from Flathub works identically on Fedora, Ubuntu, Arch, or Tumbleweed.
The tradeoff: Flathub submissions go through a review process (for security and quality), which means there’s a small delay between an upstream release and a Flatpak landing on Flathub. Most apps update within a day or two, but if you’re chasing bleeding-edge releases, you might wait.
Snap: Ubuntu’s mandatory stomach, Snap Store by default. Snaps install from the Snap Store (or from .snap files), and Snap stores them in /snap/ (read-only, mutable per app). On Ubuntu, the Snap daemon (snapd) is installed by default and runs as a system service.
snap install vlcSnaps live in /snap/vlc/, with symlinks to binaries in /snap/bin/. The Snap Store is the primary distribution channel, and Canonical controls the store. Unlike Flathub, Snap Store is not community-driven; Canonical moderates it with a lighter touch than Flathub’s review process.
The philosophical problem: Snap assumes all snaps come from the Snap Store. If you have a snap that’s not in the Snap Store (maybe you built one internally), you have to install it manually and manage updates yourself. Canonical’s bet is that you’ll just use the Store, and a lot of server-focused Snap users feel trapped by that assumption.
Uninstalling is straightforward:
snap remove vlcBut Snap store authentication and implicit updates are baked into the system. You can hold updates now (sudo snap refresh --hold pauses everything indefinitely, or hold a single snap by name), but the fact that auto-updates are the loud default and holding is the obscure opt-out is its own frustration.
AppImage: Files scattered everywhere. AppImages are just .AppImage files that you download and run. They don’t install into a central location. You download, chmod +x, and click, or:
chmod +x MyApp-1.0.0.AppImage./MyApp-1.0.0.AppImageThere’s no central registry. Uninstalling is “delete the file.” Keeping track of where you put it is your problem. Some people shove AppImages into ~/.local/bin/, others into ~/Apps/, others just leave them scattered on the Desktop.
This is why AppImage is portable and low-friction: there’s nothing to install. It’s also why AppImage packages often accumulate on your disk and you forget what’s there.
Updates: Automatic, Manual, or Never?
How often your app gets new features or security patches matters more than you think.
Flatpak: Automatic, can be disabled. By default, Flatpak checks for updates once a day and installs them without fanfare. You can disable this:
flatpak update org.gnome.Calendar# Or update everything:flatpak updateUpdates are atomic and rollback-friendly — if an update breaks, Flatpak keeps the old version around and can revert. This is solid engineering.
Snap: Automatic, opt-out is obscure. Snaps auto-update without asking. You can reschedule the refresh window with snap set system refresh.timer=..., or pause updates entirely with sudo snap refresh --hold (added back in snapd 2.58) — that works on desktop too, despite the old folklore that you’re stuck. The real gripe is the default: updates land in the background unless you go hunting for the hold flag, and “you don’t get to decide” was Snap’s vibe for long enough that it stuck.
This is a real friction point: your Snap updates in the background, and the next time you launch it, it’s newer, and sometimes things break.
AppImage: You manage it yourself. AppImage doesn’t have a built-in update mechanism. If a new version is available, you download it manually, replacing the old file. Some projects include update checkers (AppImageUpdate), but they’re optional and not standardized.
This is the AppImage trade-off: low friction to run, high friction to maintain. For apps you run once a year, it’s fine. For a critical tool you use daily, you end up checking GitHub releases by hand or writing a cron job to update it.
Startup Time and Performance
You’ve probably heard the Snap startup time moan. It’s real, and here’s why.
Flatpak: Fast. Flatpak apps start quickly because the runtime and app bundle are already in the local filesystem (~/.local/share/flatpak/). The sandboxing overhead is minimal — bubblewrap is lightweight. Flatpak’s policy on closing unused app resources also helps.
Snap: Slow (desktop). Snaps on the desktop have a notorious startup latency. The Snap daemon works hard, but the confinement enforcement and the Snap Store metadata lookups add overhead. Launching a Snap app on the desktop can take 2-10 seconds on a modern laptop where a Flatpak or native app launches in under a second. Server-side Snap CLIs (which are confined less heavily) don’t have this problem, but desktop snaps are consistently slower.
Canonical has been working on this for years, but the architectural overhead persists. If you use GNOME Calendar as a Snap instead of Flatpak, you’ll notice it every time you launch it.
AppImage: Also fast. AppImages start quickly because they’re just extracted and executed. There’s no sandboxing overhead or store metadata lookups.
If startup time matters (and for a calendar or note app, it does), Flatpak or AppImage beat Snap decisively.
Theming and Integration
Linux desktops have GTK and Qt, and apps that use them expect to inherit your system theme. How much does each format respect that?
Flatpak: Good theming support. Flatpak sandboxes inherit theme data through the XDG Portals system. A GTK app running in Flatpak can read your GTK theme preference and apply it. Qt apps get similar treatment. Theming works, though there can be slight lags if a theme is available in your distro’s package manager but not in Flatpak’s runtimes.
Snap: Theme integration works but inconsistently. Snaps can access system theme data, but the confinement can sometimes get in the way. You might have a Snap app that doesn’t pick up your dark mode preference, or where font sizes look slightly off. This is a death by a thousand papercuts, not a showstopper.
AppImage: Varies wildly. Since AppImage doesn’t sandbox, it sees all your system themes and usually integrates well. But some AppImages bundle their own GTK/Qt libraries, which can lead to the app using an ancient theme engine. It depends entirely on what the developer bundled.
Portals: Desktop Integration Beyond Files
Linux has an XDG Portals system that lets sandboxed apps request permissions for common things: camera access, microphone, printing, screen sharing, opening URLs. These are permission prompts the user sees.
Flatpak: Portals as first-class citizens. Flatpak was designed around portals. An app that needs your camera prompts you through the portal system. This is clean and explicit.
Snap: AppArmor plugs, not portals. Snaps use AppArmor-based access controls, not the XDG Portals API. This means less granular permission prompts and more of a “allow or deny this whole category” approach.
AppImage: No portal support. AppImages run unrestricted and don’t use portals at all. The app just asks the OS directly, and it either has permission or it doesn’t.
Where Each Format Wins
Flatpak wins on the desktop. Flathub is the de facto standard for Linux desktop applications. Fedora, Ubuntu (increasingly), Arch, openSUSE, and distro-agnostic projects all ship to Flathub. A Flatpak app works the same everywhere. The sandbox is sensible without being oppressive. Updates are reliable. This is where Flatpak owns the market share.
Snap wins on Ubuntu and servers. Ubuntu ships snapd by default, so Snap is the path of least friction on Ubuntu. On the server, Snap CLIs (tools like lxd, multipass) are useful and don’t have the desktop startup tax. Canonical backs it, so there’s an enterprise funding model.
AppImage wins for portable distribution and one-off binaries. If you need to ship a single executable that runs on any distro without installation, AppImage is unbeatable. Scientists who build single-binary tools, indie developers shipping from GitHub, and people who need to run something in an air-gapped environment all lean on AppImage.
A Decision Matrix
| Use Case | Best Choice | Why |
|---|---|---|
| Desktop app from a major project | Flatpak | Flathub review, fast, sandboxed, auto-updates |
| Ubuntu desktop app | Flatpak or Snap | Snap is easier on Ubuntu, but Flatpak is faster |
| Ubuntu server CLI tool | Snap | Built in, auto-updates, works well at scale |
| Indie app from GitHub | AppImage | Single file, no install, version in filename |
| Cross-distro binary tool | AppImage | Works everywhere, no dependencies |
| App you’re packaging for your org | Flatpak or Snap | Flatpak if you want sandboxing, Snap if you want simplicity |
| Something you run once a year | AppImage | Lowest overhead, no maintenance burden |
| Daily-use power tool | Flatpak | Fast startup, reliable updates, sandboxed |
The 2026 Landscape
Here’s where we actually are:
-
Flatpak has won the desktop. GNOME, KDE, and distro-independent projects all ship to Flathub. It’s the default for Linux desktop software distribution. If you’re a desktop app developer, Flathub is where your users look.
-
Snap is the Ubuntu server default and a desktop afterthought. Canonical maintains snapd as a system service on Ubuntu, and server folks use Snaps for CLI tools because it’s there. Desktop users tolerate Snap on Ubuntu but prefer Flatpak when it’s available.
-
AppImage is the escape hatch for everything else. If your distribution doesn’t have a package, Flathub doesn’t have your app, and you don’t want to maintain a PPA, you ship an AppImage. It’s the format of choice for indie software, academic tools, and anything that needs to run on Linux machines where you have minimal control.
Canonical has tried to make Snap the universal package format, and it’s succeeded on Ubuntu and in pockets of the server world. But the desktop community voted with its feet: Flatpak is faster, more transparent about permissions, and backed by a community that listens. Snap’s mandatory auto-updates, slow startup, and Canonical-controlled distribution model have soured many users.
AppImage won’t replace either of them because it doesn’t try to be a system package manager — it’s just “here’s a file that runs.” That simplicity is exactly why it survives.
The Practical Take
If you’re installing apps, use Flatpak first. It’s fast, sandboxed, and works on every distro. If it’s not on Flathub, check Snap (especially on Ubuntu). If neither exists, grab an AppImage and organize your Downloads folder before they take over your life.
If you’re packaging an app, ship a Flatpak to Flathub. It’s the format the community has standardized on. Snap if you’re working with Canonical or targeting Ubuntu specifically. AppImage if you need maximum portability and don’t care about updates.
And if you’re using Ubuntu on the desktop, remember: you can install flatpak and use Flathub even though Snap is pre-installed. You’re not locked in. The best part of Linux is the choice. Use it.
The art of not wasting time is knowing which tool saves you time and which one just feels familiar.
