do you trust file explorers with your cloud services?

RavenSword

Well-known member
Jan 25, 2013
989
0
0
Visit site
So right now I'm debating whether or not to allow my file manager (its either going to be astro, es, or solid explorer ) to access my drop box and Google drive account. Apparently this will make it a lot easier to move things from my drop box to my phone.

However, I have lots of sensitive (security) info on my drop box and I'm not sure how I feel about other companies other than drop box having access to that.

Do you guys allow this feature in your file manager of choice? do I have anything to worry about?
 

Gekko

Banned
May 15, 2010
5,263
123
0
Visit site
Dropbox integration security hole

John Pagakis
suggested this on September 08, 2012 02:22
Allow me to first go on record as saying I'm a long-time fan of Astro & I like the new interface.

That said, the integration with Dropbox, while impressive, has a rather large security hole.

I have my Dropbox account secured via numeric password (this is a feature in Dropbox that you can switch on; look in settings). I have it on for my Nexus 7 tablet as I have sensitive company data in the folder.

Every time I attempt to access Dropbox via their app I am prompted for that password.

When I associate Astro with my Dropbox account, it asks for that numeric password the first time and then never again. After that first time, I can access my Dropbox folder via Astro unchallenged.

Worse, once that persistent authentication is established, the only way I found to eliminate it is to uninstall and reinstall Astro.

If the password option is on, Astro should challenge me EVERY TIME I go to my Dropbox folder and there should be a way to disassociate my account from Astro.

Please fix this!

Dropbox integration security hole : ASTRO File Manager Support
 

martin larsen

Member
Jul 26, 2013
21
0
0
Visit site
Ok, well I understand your situation. Personally, I wouldn't integrate, of course depending on your feeling just how classified these documents really are. Maybe consider using a password manager, like Dashlane, and have one secure master password and just randomly generated passwords for all your different accounts. I just started to use it, setting up etc takes a while - but in a month or two im looking forward to having only one password to think about.

Im not so much into security, I generally trust developers and just careful and generel awareness is recommended. I hope others can be of more service.
 

Gekko

Banned
May 15, 2010
5,263
123
0
Visit site
Dropbox Hacked? Blames Third Party Apps For Breach
OCTOBER 14, 2014 BY ALEX HERNANDEZ

dropbox hacked Dropbox Hacked? Blames Third Party Apps For Breach

The Next Web is reporting (referencing a reddit post) that Dropbox is the latest victim of hackers who stole hundreds of usernames and passwords. Some of the data showed up in plain text on Pastebin from an anonymous user asking for Bitcoin donations to release the entire list. Some reddit users confirmed the account credentials worked and were legit logins.

The Next Web reached out to Dropbox for a statement and Dropbox responded by denying the service was hacked. Dropbox claims a third party service was hacked and the hackers stole logins from there to try and gain access to accounts on Dropbox.

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

Dropbox says they detected suspicious activity on the accounts months ago and performed password resets. Recently, Snapchat was also caught up in a squall over hacked data, like Dropbox they blamed third-party applications. Cloud services like these might start to rethink giving access to their API’s to third-party apps, as more users turn to third-party apps for features unavailable in the main app. For now, we recommend changing your Dropbox password as well as an third-party application passwords that might access your Dropbox account.

Source: TheNextWeb