Does 1Password really need complete access to my dropbox account?
Hi,
installing the beta version of 1Password for Android I've noticed that it require full access to my Dropbox account. My question is: is it really necessary?
I mean: I would like to give the app (whatever app) access to dedicated sections of my dropbox account. Why should 1Password being granted to potentially read all of my files when it only need access to its files? Or is it a limit of the dropbox api?
Thanks,
Lorenzo
Comments
-
+1
I can understand why they might want full access in order to discover any / all databases that are on the dropbox service, but I would much rather it be limited in scope to a single AgileBits or 1Password folder. I love how O'Reilly books keep their required permissions tidy.
Certainly a security-focused app can appreciate the Principle of Least Privilege?
Please heavily consider either changing your permissions needed, or giving the option of changing them.
0 -
I would also like for them to restrict the scope of dropbox access asked for. Neither Helium or Titanium backup require access to the entire dropbox.
0 -
Generally speaking, I really abhor services that require complete access to Dropbox, and I wonder why Dropbox does not provide permission settings to ensure that malicious services don't go poking where they aren't suppose to. I am not so picky with 1Password, since at least it is an app (and I assume it is not nefarious enough to send my login data back to an agile bits server) and not a web service. Nonetheless, in principle, I agree that there is no reason for 1Password to have complete access, and as a security conscious user, I too would sleep better if access was limited. In addition, it would be more organised if the keychain were not located in the root directory. A user assigned location would be perfect. Thanks!
0 -
I'll admit that I don't know what the Dropbox app works like in terms of allowing other apps limited access but it would certainly feel better to just point out the 1password keychain(s).
0 -
I completely understand your concerns and I can relate. I don't usually give apps full access to my Dropbox either. The short answer for why we ask permission for full access is that we need to be able to look for your keychain in multiple locations. The long and more complete answer can be found here. Please give that a look and let me know if you still have any questions.
0