Dropbox - Full Access versus Folder Access

One question about Dropbox integration: When I grant you access to Dropbox, I must do it for “All folders and files in Dropbox”.

I use Dropbox for many things, not all of which I want Scrivener to have access to.

Is there a reason we can’t grant Scriv access only to the apps/Scrivener folder in Dropbox? (I want to keep all my Scriv files there anyway… I don’t need them in other folders of my Dropbox.)

Separate, general question: How secure is granting full Dropbox access anyway? I usually reject any app that wants such access.

To clarify, I’m speaking only of the iOS integration.

(my bold)
You don’t grant anyone else access to your Dropbox files, only yourself, your own app on your own device. How secure? At least as secure as iCloud, OneDrive, Cubby, etc. Just as secure as any cloud solution without encryption on the client side.

The reason Scrivener uses full access rather than folder access is so that users can choose which folder Scrivener syncs with. If we used folder access, then users would be limited to using /Dropbox/Apps/Scrivener - they would not be able to choose a different folder. I used folder access to begin with, but the feedback from beta-testers was that they wanted to be able to choose their own folder in Dropbox, one inside the folder they use for their writing projects.

It works exactly the same, though - even though it technically could, Scrivener will never touch anything outside the folder you have chosen. I’ve basically replicated the “folder access” feature of the Dropbox API but made it user-selectable. It essentially sets the subpath of the folder you choose on the API so that it touches nothing outside it, and never knows about anything outside it.

As for security, with Scrivener it’s as secure as folder-only access. You are only granting the app access to upload and download anywhere in your Dropbox folder, and the app can only download into its own container. It’s more secure than on a Mac, where any malicious non-Mac App Store app could freely access your Dropbox folder without you even knowing.

It’s also worth remembering that it is very easy to restore Dropbox even if an app were to do something malicious (and, as I say, Scrivener’s access is limited to the folder you choose, so it won’t!). Last year, my wife asked my son to help her by moving some files on her computer to the Trash. He got over-eager and moved all of the files we share between company staff on Dropbox to the Trash and deleted them all - all of our promotional screenshots, discount code information, internal builds, file format specifications, artwork and more. And, it being Dropbox, all of these files were subsequently deleted off everyone’s computer. Fortunately, one email to Dropbox support and every file was restored an hour later!

I hope that helps.

EDIT: Because this was a good question that other users may have, too, I’ve created an article in our Knowledge Base for it:

scrivener.tenderapp.com/help/kb/ … ull-access

Thank you Keith. By the way, great work on the iPhone app. Long-time user, and very impressed.

Thanks ub, much appreciated!