We Want to Hear From You! What Do You Want to See on the Community? Tell us here!
Forum Discussion
Restrict a Connected App to Just One Folder
I have several connected apps to my Dropbox account. Several of them are restricted to view/edit specific folders that are related to them. Others are allowed to view all of my Dropbox folders.
When I connected the apps, I just clicked "allow access to Dropbox".
How can I restrict those connected apps with full access to my folders to the only folder to which they need access? I don't want the apps to see/edit/delete files that are not any of their business.
8 Replies
- Mark
Super User II
I'm afraid you cant - its the developers of the app who set which restrictions they want to use and then you have to simply agree or disagree with it.
- Rich
EpeeFencer wrote:
How can I restrict those connected apps with full access to my folders to the only folder to which they need access?
You can't. This is a choice made by the developer when they create their app. The developer chooses either App Folder access or Full Dropbox access, depending on what their app needs. You as a user can either agree to that access when connecting the app to your account, or choose not to use the app.
I understand that the amount of Dropbox access is determined by the connected app developer. For many connected apps it is an all-or-nothing access decision.
However, for security, it would be great if Dropbox could allow its users to modify which folders a connected app can access, from full access to specific folder(s)/subfolder(s) access.
Are there any Dropbox developers online? Should I contact support to suggest this important security modification?
- Mark
It's been suggested many times before and you'll be able to find and add votes to it at https://www.dropboxforum.com/t5/Share-an-idea/ct-p/101002000
Thank you, Mark. I've voted for restricting connected apps to a specific folder.
However, with only 798 votes, it is unlikely to be addressed. And I think it is an important security issue that should be brought to the top of the list. It should not be the prerogative of the connected app developer whether they can access all files in someone's Dropbox.
I imagine the 768 people who voted for this know about 100x as much about security as the users who are unaware of the problem. I spent two hours researching this because I simply couldn't believe that Dropbox had not addressed this. Dropbox may want to keep things simple for users and developers but this absolutely needs to be fixed. Dropbox is one popular but poorly designed app away from a major security scandal. With all the warnings posted here about the risk this poses to users, the legal liability could be serious.
I agree and feel this should be escalated, but don't understand the proper channels for doing so. This is critical.
This is idiotic. It would be super simple to have either a folder/file list in the connected apps settings, or an ability to add connected apps at the folder/file sharing settings. If I want some company out of god-knows-where to drop files in a folder through their app, why would I give them access to all my data in Dropbox? I guess the workaround is to create a 2nd free account for a particular app, doesn't seem efficient.
