Dropbox Improves Third Party API’s and Beefs Up Security

Posted 10/23/2011 at 7:57am | by Justin Kerr

2

Comments

Print

We’ve recommended Dropbox to our readers more times than we can count, but with good reason. Recent security issues aside, its still the best file storage / sharing service in town, and that doesn’t appear to be changing anytime soon. Dropbox has always had a very robust and flexible set of third party API’s, but on Friday the company announced these would be expanding to offer not just more flexibility, but improved security as well. 

What does this mean for your average Dropbox user? For one, they are adding support for application specific folders. This means when you install a camera app on your phone for example, you can authorize it to place images in one or more folders of your choosing, without giving that application full access to your entire Dropbox. Third parties will also now be able to tie into the versioning system, which will allow users to jump back to an older version of a file, or recover something that was accidentally deleted. 

That covers off the most noticeable changes from a user experience standpoint, however security is also getting a rather important makeover. As opposed to simply typing your Dropbox information into random websites or phone apps, third parties will need to redirect users to the website and allow you to enter your credentials directly. By doing this third party apps are assigned very specific permissions, and never get an opportunity to store your user name and password. This approach makes it easier for users to manage third party access, and more importantly, make it easier to revoke access if needed. 

Its great to see Dropbox finally taking security seriously, but they are still missing a few critical features that prevent us from recommending it as a solution for your sensitive data. Multi-factor authentication and client side encryption aren’t just nice to have features for cloud storage these days, its critical for anything you’d like to keep private. Dropbox has openly admitted that each file is scanned and checked against their database for duplicates prior to uploading, and a copy of your encryption key is kept on-hand as a result. This doesn’t mean someone at Dropbox HQ is sitting around sifting through your files just for kicks, but its still a pretty big security vulnerability.