Canonical to Manually Review Snap Store Apps Due to Fake Crypto Wallets
The Snap Store, the app marketplace for distributing Snap packages on Ubuntu, has been targeted for several months by fake cryptocurrency wallets designed to steal users’ assets. In response, Canonical engineers have announced that all apps uploaded to the store will now undergo manual review.
Background: The Fake Exodus Wallet Incident
Attention was first drawn to this issue by Alan Pope, a former Canonical and Ubuntu employee who remains active in the ecosystem. In February 2024, Pope shared on his blog how a Bitcoin investor lost nine bitcoins (worth about $490,000 at the time) after using an Exodus Wallet app from the Snap Store.
Exodus is a well-known cryptocurrency wallet, but the victim had downloaded a fake version. Immediately after the user entered their 12-word recovery phrase, something the real Exodus developers strongly advise never to do, the fake app transferred all funds to an unknown address.
Pope noted that cryptocurrency is inherently risky. However, the Ubuntu App Center, which presents the Snap Store to desktop users, had marked the fake Exodus app as “Safe,” and the web version of the Snap Store described the fraudulent apps as “safe to run.”
This “Safe” label refers to the fact that Snap apps are automatically updated containers protected by sandboxing. However, the green checkmark and “Safe” label can be misleading, especially for newcomers to Ubuntu, Snaps, and Linux in general.
Pope also pointed out that once an app is uploaded to the Snap Store, it is “immediately searchable, and anyone, almost anywhere, can download, install, and run it”—with no human involvement in the process.
The story continued with more fake apps and further blog posts from Pope, highlighting the ongoing problem.
Canonical’s Response and New Policies
Following Pope’s posts, a discussion arose in which Mark Shuttleworth, founder of Ubuntu and CEO of Canonical, responded to questions about whether cryptocurrency apps should be banned entirely.
Shuttleworth agreed that “cryptocurrency is, for the most part, a cesspool of the worst intentions,” but he believes Ubuntu developers should “challenge themselves” to implement additional security measures, making apps safer for people vulnerable to social engineering. “It’s a very hard problem, but I think we can and should take it on,” Shuttleworth wrote.
He described the situation with fake wallets as a “quiet war” that developers have been fighting against attackers for several months.
Soon after, Holly Hall, Head of Product for Ubuntu at Canonical, posted on the Snapcraft forums about a new policy: all new Snap registrations will be manually reviewed. Canonical staff will check apps and contact publishers to verify snap names and intentions. Any name that raises suspicion—especially those related to crypto wallets—will be rejected. Additionally, a separate policy for publishing crypto wallets in the Snap Store is expected in the near future.