Google Drive users might receive an email earlier this week, about a security update for the file storage and sharing platform. This email says that Drive will apply an update to improve security.
The changes which the update brings are a security upgrade for several Google Drive files shared by previous users.
This is claimed to make it difficult for criminals to find files that are shared and don’t want to be exposed publicly. However, this update doesn’t change anything else regarding the fundamental security flaw of Google Drive’s link sharing feature.
There are two ways to share files on Google Drive. The first one is called Restricted Sharing. In this mode, the user must provide the email addresses of colleagues and co-workers who will gain access to the file.
If they are signed in to their Google account, they can access the files by searching by the shared URL address. In recent years, this feature has been prominently featured in the sharing dialog section of Google Drive.
The second sharing mode, known as Link Sharing, provides access to other users who have a link to the file. It simplifies the process of sharing with many people and reduces the complexity of the process due to manually entering the email addresses of colleagues one by one.
Only by activating the Link Sharing feature, copy and paste the link in the collaboration tool that the user organization uses, and all colleagues will be able to access it easily.
Google and other cloud storage services include Microsoft and Dropbox generate a unique URL for each document that a user creates. This URL is a combination of characters that is difficult to guess.
A few years ago, Google released an update to its file address earning scheme to make it harder for other users to guess the document URL. However, if a user is sharing a file from around early 2017, then the URL used is still in the old format.
This Google Drive security update is applied to the file and adds an extra parameter to the URL of the shared document, titled resource key. Other users who previously accessed the file will still be able to access it with the old version link, without the resource key parameter.
Whereas users accessing files for the first time will be required to submit an access request, requiring the file owner’s approval. This security update will prevent criminals from guessing URLs and secretly accessing files.