While that's true, at least some users are protected. I've never really bought into that particular criticism of mobile. Users are going to click through regardless until they've been burned a bunch of times. The users who pay attention to those prompts are the ones you want to benefit, and hopefully eventually those other users will be trained into the safer behaviour. (Yeah I hear myself)

As it stands though, flatpak out of the box has all the security issues of running old unpatched systems in order to mostly have compatible runtime environments, which, in my experience, don't actually buy me that much. The few times my distro hasn't already shipped a copy of an application, AppImage, Flatpak, or Snap haven't had the solution either.

This entire experiment we're doing with "ship the developer's box" as the new standard of software delivery and the different warring philosophies employed to turn that into a reality are interesting. My money is on the least secure, least safe, least functional, but best marketed thing winning out.

On the other hand my family learned the opposite lesson (without assistance from me).

They essentially deny every such permission request and for the few they actually care about (getting notifications from 2 or 3 of the 50 apps that want notification access) they come and asked for assistance.

One of the nice things about the iOS ecosystem is that apps aren’t allowed to be nonfunctional if you deny them access to something.