Need to see if your shared folder is taking up space on your dropbox 👨‍💻? Find out how to check here.

Forum Discussion

good_boy's avatar
good_boy
Explorer | Level 4
8 years ago

Encrypt file so no 3rd party app can see it

The Dropbox SDK allows apps have only two types of access types, Specific folder or full dropbox.

 

This is an issue. If I choose specific folder, and the user uploads sensitive docs, any 3rd party app which the user also uses, can see that sensitive doc if the user has given the 3rd party full access.

 

There should be some encryption or access control, so that any random app does not see file contents not created by them.

 

Dropbox does know which files were created by the user or the apps. This should be possible.

 

Ofcourse, if the user itself logins to their dropbox from the official dropbox app, they can see their files in them but not through any other 3rd party apps.

 

This also defeats the purpose of apps asking for specific folder access. Any 3rd party apps with full dropbox access can read and possibly modify any file.

 

What can we do in meantime?

 

API

3 Replies

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    8 years ago
    Thanks for the feedback! Dropbox doesn't offer a way to prevent third party apps with full access from accessing certain content like this, but I'll pass this along as a feature request. (The "app folder" permission is meant to work in the other direction, in that it prevents an app with the app folder permission from accessing the rest of the account.)

    I don't have a way to prevent this on the Dropbox side, but you can apply whatever encryption you want in your app itself, before uploading the data, and then decrypt it after downloading it.
  • good_boy's avatar
    good_boy
    Explorer | Level 4
    8 years ago
    Hey
    Can you please supply a snippet for uploading docs with encryption. JS example would be good.
    Your example would be a better research into this than blindly hoping to stumble on the right one. Dont want to play with users files and pray to god at the same time.
  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    8 years ago
    I don't have a sample of applying encryption client-side unfortunately.

    Exactly how you apply client-side encryption would be unrelated to the Dropbox API itself , so you may want to refer to general encryption utilities/documentation, or consult with a security professional.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!