Why is Dropbox access global?

I love Infuse, but while I use Dropbox for all my “stuff”, I simply don’t want to use it for Infuse because of the very intrusive grants Infuse is asking for. Why?

Why does Infuse need global edit on all my Dropbox folders? Why can't the token follow a least-privilege approach, or at least give me the option “all folders for simplicity - default, apps/infuse folder only for maximum security”?

As Dropbox's own guide states: "Always ask for the least amount permissions required by your applications. Requesting more scope and content access than required may result in end users not accepting your OAuth request" (Dropbox OAuth Guide - Dropbox).


People use Dropbox in many different ways, so having access to all files allows Infuse to work for the greatest number of people.

Here’s an excerpt from the guide you linked.

Content Access

As you create your Dropbox application, you will also be prompted to select the scope of file access. Currently, these two options are:

  • App Folder: Your application will be able to take actions allowed by its scopes on data within its app folder only (in the /apps folder). This option is suitable for apps that export content or manage only their content.
  • Full Dropbox: Your application will be able to take actions allowed by its scopes on all data within the user’s Dropbox account. This permission is appropriate when your application needs to regularly access pre-existing content in the user’s account.

Since Infuse is most often accessing existing content, the Full Dropbox option seems to be appropriate here. Aside from that, we have set the permission scope required by Infuse to be as limited as possible.

Also, keep in mind the connection to Dropbox is done directly between your device and Dropbox. This info does not pass through any of our servers, and we have no way to access or see any files you have stored in Dropbox or on your device.

I really do understand the token scope and storage… but still, you are basically asking me to blindly trust that you are never ever going to do anything unexpected (not even a possible bug). Your app has access to a token with full read/write access to all my Dropbox folders (it does not matter if it's in my cloud store; you have access to it indirectly via an app you control).

What I am asking is whether there is a possibility to offer, next to the existing access scheme, a more restricted grant to a single Dropbox directory, which would of course mean that I cannot freely browse and play anything from any Dropbox folder, but I would have a strong guarantee you cannot see/change my personal stuff.


Dropbox doesn’t currently support having multiple access levels for a single app (there is just one group of access settings to select from that apply to all users), but if they add this in the future we could certainly look into providing options that would be closer to what you’re looking for.

Yeah, I too would like to have some more restricted Dropbox access.

My issue is not that I’m too worried about unauthorized access from Firecore, but more about sharing with others.

I’d like to give my kids access to my Videos folder in Dropbox from their Infuse installations, but I don’t want them having access to my entire Dropbox folder.

Currently I just share direct links to individual files on request but it’s a bit of a hassle.

One workaround for this would be to create a favorite for the Dropbox folder you want your kids to access.

Once that is done, you can enable parental controls and add a PIN code to the main Dropbox share, or any other folders you don’t want them going into. This can be done by long-pressing on a Favorite or folder.

Having Parental Controls enabled also requires a PIN to access the Settings area, which isn’t a bad idea to have enabled for kids anyways.

Yes, thanks, that is a reasonable workaround for now.
