I agree that Flatpak’s utilization of sandboxing is weaker in practice than is marketed. I get that many apps ship with home/host filesystem access instead of granular permissions, but it does provide meaningful isolation when used correctly.