Most linux distributions ship with outdated versions of Anki.
Your tar.gz build doesn’t provide app-armor protection, which can be helpful against malicious 3rd party addons and it’s not guaranteed, that your tar.gz build will run on every distribution.
Flatpak does provide both. App-armor protection and a working application on every distribution that supports flatpak
But there is no official flatpak build of Anki.
Could you create an official supported flatpak build for anki on a regular basis and put the link to it and its sha256 hash on your anki website so that everyone sees, that it is official?
You can also observe out-coming internet connections.
I am not security expert but how flatpak build and sha256 can protect you when you install add-ons to whatever version of Anki, regardless if it is flatpak or not. Add-ons are not part of Anki. You had better look at add-ons code or not install. Or if you don’t trust ask on forum someone if this particular add-on is safe. Or just wait for other more advanced users to test and check up-votes, down-votes. For all Anki add-ons history I have never heard about any malicious add-on.
Any evidence for this statement? It has all that is necessary to run without installing. I have not heard of such distribution. Besides, if users use some really exotic distributions, usually they do it for a specific purpose and Anki is not priority.
AppArmor is better. It’s kernel based, does get better support and with it you can define rules that limits what the process (here anki) is allowed to do. From this perspective, it’s a better design of security.
FireJail runs in userspace and tries to sandbox the process, but it’s possible to brake out of sandboxes. The security of FireJail is not implemented on the OS level.
Well, that’s why app armor is there for.
Flatpak is using app armor, thus each program that uses flatpak does also use app armor and does have its rules.
Addons will only be able to do, what anki is allowed to do inside its flatpak environment.
The design of Anki should be changed in a way, that it provides a sandbox environment for addons and limits its use to this sandbox and specific rules the user has to allow.