Application Permissions

When an application is distributed as a flatpak it needs permission to access certain features on the phone, such as using the network, or reading and writing the user’s files. This is done by requesting permissions in the Flatpak manifest file.

The permissions required by an application are included in the finish-args entry of its manifest. The following example shows the first part of a manifest for an application that uses the display and maintains user-specific settings:

    "app-id": "com.example.some_example",
    "runtime": "org.gnome.Platform",
    "runtime-version": "40",
    "sdk": "org.gnome.Sdk",
    "command": "my-program",
    "finish-args": [

Some tasks can be performed without the need to request permissions. For example, each application can store and retrieve user data in its own private area. This mechanism for storing persistent data is described in the section about User Data.

Permissions for Common Features

The table below shows the permissions that correspond to some common features used by applications.


Flatpak Permissions

Display a graphical user interface


Access the Internet using sockets


Access Bluetooth devices


Read and write user’s documents


Read and write user’s downloads


Read and write user’s music


Read and write user’s pictures


Read and write user’s videos


A more detailed description of permissions is given in the Sandbox Permissions section of the Flatpak documentation, which also contains a more extensive list.