The Dropbox SDK allows apps to have only two access types: specific folder or full Dropbox.
This is an issue. If I choose specific folder and the user uploads sensitive docs, any 3rd-party app that the user also uses can see that sensitive doc if the user has given the 3rd party full access.
There should be some encryption or access control, so that any random app does not see file contents not created by them.
Dropbox does know which files were created by the user or the apps. This should be possible.
Of course, if the user themselves logs in to their Dropbox from the official Dropbox app, they can see their files in it, but not through any other 3rd-party apps.
This also defeats the purpose of apps asking for specific folder access. Any 3rd-party app with full Dropbox access can read and possibly modify any file.
What can we do in the meantime?