Galrivo.

Privacy and security

What "drive.file" access means, and why it is the safest way to share from Drive

When an app asks to connect to your Google Drive, the kind of access it asks for matters a lot. Here is a plain explanation of drive.file access and why it is the safest option.

Daniel Okafor

Engineer at Galrivo··3 min read

A shield icon glowing softly on a dark screen

When you connect any app to your Google Drive, Google asks you to approve a level of access. Most people tap Allow without reading it, which is understandable but worth a second thought. The level of access decides how much of your Drive that app can ever touch. There is a narrow option and a broad one, and the difference is the whole story for your privacy.

The narrow option and the broad one

Putting the jargon aside, there are two main ways an app can be allowed into your Drive:

  • The narrow option lets the app see only the specific files you hand it. It cannot look at, search, or open anything else. In Google's terms this is called drive.file.
  • The broad option lets the app read your entire Drive: every file, every folder, things you forgot were even there.

Narrow is almost always enough

For sharing, an app only needs the files you actually want to share. If it asks to read your whole Drive just to make a gallery, that is far more than the job requires.

Why the narrow option is safer

With the narrow option, the app physically cannot reach anything you did not pick. It is not a promise in a privacy policy that you have to trust; it is a wall Google enforces. Even if the app wanted to peek at your tax documents, Google would refuse, because those files were never handed to it.

That changes the worst-case scenario. If an app with broad access were ever breached, your whole Drive could be exposed. If an app with narrow access were breached, only the handful of files you chose to share were ever in reach.

A person using a laptop with a lock symbol on screen
Narrow access is a wall Google enforces, not a promise you have to trust.

How Galrivo uses it

Galrivo deliberately uses the narrow option. It only ever sees the photos and videos you pick for a gallery, and nothing else in your Drive. It does not store copies of your files either; when someone opens a gallery, the media streams from your Drive on demand and is never kept on our servers. That pairing, narrow access plus no stored copies, is the heart of the privacy model.

What to look for in any app

Before you tap Allow on anything, ask whether it really needs your whole Drive. A sharing tool that only asks for the files you pick is respecting you by design.

Key takeaways

  • Connecting an app to Drive means approving a level of access.
  • The narrow option (drive.file) limits an app to the files you hand it.
  • The broad option lets an app read your entire Drive, which sharing never needs.
  • Galrivo uses narrow access and keeps no copies, so only your chosen files are ever in reach.

Frequently asked questions

Share your media the easy way

Turn the photos and videos in your Google Drive into one clean link, with a password and an end date if you want. Free to start, no app for the people you send it to.

Make my first gallery

Daniel Okafor

Engineer at Galrivo

Daniel builds the parts of Galrivo that keep your media private. He writes about how sharing actually works under the hood, in language that skips the jargon.

Keep reading