Page 1 of 1

Limit access to Google Drive

Posted: Wed May 01, 2019 12:38 pm
by FlorinDumitrescu
As a new iOS user, I recently purchased KyPass hoping that it will help me keep my KeePass passwords in sync with the other devices that I am using (multiple laptops and an Android phone). The application's description was promising in that regard and after installing it indeed turned out to be indeed integrated with multiple cloud providers, but the problem is that it requires full access on all the files and folders stored within the drive. That seems to be the case with the Google Drive integration (which I'd prefer to use, because I already have a paid account with them), but also with the DropBox integration (which might also be an option for me, but not the preferred one).

There are multiple reasons why I am not comfortable on giving full read / write access to a third party application to my drive (from additional exposure to security risks, to bugs within the app that might accidentally delete files). Is there any way KyPass can be configured to only access / synchronise a certain file / folder on the drive, or full access is the only option? If the second stands true, the application is pretty much useless to me.

Re: Limit access to Google Drive

Posted: Wed May 01, 2019 1:38 pm
by Mr-Fly
If I see it correct you would not be able to share the same file if you don’t have full access to the google drive. If it is restricted every app is in a different folder. If you do the same on Android the database will be in a different folder and so on.
So would it make sense?




Kypass Beta Tester and Moderator

Re: Limit access to Google Drive

Posted: Wed May 01, 2019 5:33 pm
by FlorinDumitrescu
No, I am not referring to the application only accessing its application folder, but rather only accessing a file / folder to which the user grants explicit access. See the https://www.googleapis.com/auth/drive.file scope, as described here: https://developers.google.com/drive/api/v3/about-auth.

As an additional to note to the reason I opened this thread, Google themselves recommend only requesting the minimal set of needed permissions from the users: https://developers.google.com/drive/api/v3/about-auth#what_scope_or_scopes_does_my_app_need