cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Encrypt file so no 3rd party app can see it

Encrypt file so no 3rd party app can see it

good_boy
Explorer | Level 4

The Dropbox SDK allows apps have only two types of access types, Specific folder or full dropbox.

 

This is an issue. If I choose specific folder, and the user uploads sensitive docs, any 3rd party app which the user also uses, can see that sensitive doc if the user has given the 3rd party full access.

 

There should be some encryption or access control, so that any random app does not see file contents not created by them.

 

Dropbox does know which files were created by the user or the apps. This should be possible.

 

Ofcourse, if the user itself logins to their dropbox from the official dropbox app, they can see their files in them but not through any other 3rd party apps.

 

This also defeats the purpose of apps asking for specific folder access. Any 3rd party apps with full dropbox access can read and possibly modify any file.

 

What can we do in meantime?

 

3 Replies 3

Greg-DB
Dropbox Staff
Thanks for the feedback! Dropbox doesn't offer a way to prevent third party apps with full access from accessing certain content like this, but I'll pass this along as a feature request. (The "app folder" permission is meant to work in the other direction, in that it prevents an app with the app folder permission from accessing the rest of the account.)

I don't have a way to prevent this on the Dropbox side, but you can apply whatever encryption you want in your app itself, before uploading the data, and then decrypt it after downloading it.

good_boy
Explorer | Level 4
Hey
Can you please supply a snippet for uploading docs with encryption. JS example would be good.
Your example would be a better research into this than blindly hoping to stumble on the right one. Dont want to play with users files and pray to god at the same time.

Greg-DB
Dropbox Staff
I don't have a sample of applying encryption client-side unfortunately.

Exactly how you apply client-side encryption would be unrelated to the Dropbox API itself , so you may want to refer to general encryption utilities/documentation, or consult with a security professional.
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    good_boy Explorer | Level 4
What do Dropbox user levels mean?