Comment 3 for bug 1943480

Yes the security team favors both consistency and the principle of least surprise for users here - ie. flatpak should follow the same model as apt/snaps on Ubuntu so that no matter what mechanism is used to install a particular application, the user gets the same consistent experience in terms of being prompted for authorisation etc around updates and the like.

As such, installation of new apps via flatpak should use polkit to authorise the transaction - whilst upgrades should not.