There are quite a lot of these apps. Some ones I’ve run into:
Foliate (GTK app)
Standard Notes (electron app)
Signal Desktop (electron app)
Element Desktop (electron app)
All of them either fail on startup (the electron ones) or run in a degraded mode, like for example Foliate tries to write to a database in ~/.config to remember your preference for having the navigation sidebar popped out or collapsed.
On nixOS writing to ~/.config requires root permissions. So what do you do for apps that try to write to ~/.config?
Users on mastodon let me know that it isn’t actually desired for writes to ~/.config to require root permission, so I changed it to only require user permissions with chown. Don’t know how it got that way, but that solves the problem.
The application thus ran with your environment variables (especially $HOME) but with root’s UID.
The application wanted to write to ~/.config, which didn’t exist yet, so it created it.
Because of mentioned environment variable, the directory was created in your $HOME, but …
… because of the process’s UID, the newly created directory was implicitly owned by root.
I fell into a similar trap a few times when (on other Linux distributions) installing software through upstream-provided installer executables with “wizard” workflows (as common for Windows software) and that require root to write to /opt or similar locations, but at the end of the installation process launch the installed application for you — still as root though, thus poisening their own per-user settings in your dotfiles with root-owned stuff.