What permissions are required to use YNAW?

When you sign up to YNAW, you are asked to accept the following authorizations:



Authorization scopes

Explanations

Google Drive icon See, edit, create, and delete all of your Google Drive files

This scope is required to perform the following actions:
  • Creating an initial YNAW folder
  • Creating files/folders in the YNAW folder
  • Listing files and folders in a tree-like navigation
  • Previewing file content
  • Displaying file metadata (last modifying user and date/time)
  • Accessing the users shared folders when requested by the user via browser URL.
  • Moving files and folders
  • Sending files and folders to trash
  • Copying files and folders

See and download your contacts

  • Read your contacts to allow sending invites

Google Drive icon View and manage your Google Docs documents

This scope enables you to link to other Google docs from a YNAW page.


Can the YNAW server access my files?

No.
At no point can the YNAW server view or access your files.

All requests to the Google Drive API are done through the Google Client API. Which means your data is securely accessed by your browser, the server never see's it or has access to it.

If you are particularly curious, feel free to open up the network tab. There is an initial server call to /api/user to authorize the user. But otherwise all network requests to Drive are made using https://content.googleapis.com directly.

Network tab

Can YNAW delete my files?

YNAW can move files to trash if you click to "remove" on that file, it does not delete files permanently.

Why does YNAW need full access to Drive?

In order to share projects with your team members YNAW needs access to the files in your shared folder. Full access is required to access the shared folder.

It also is required for files that are not explicitly created by the app (if you copy a new file/folder into the YNAW folder). Apart from those 2 specific cases, all operations fall within the YNAW folder and do not need access to files outside the YNAW folder.

Has Google Audited your app?

Yes!
Google has audited the YNAW application to confirm that it is secure.

The audit includes a detailed list of the permissions that YNAW requires as well as actions that YNAW performs. Google also signs into the app to test the funcitonality.

What data is stored by YNAW?

Data stored

How safe is your data?

Your data is stored in a Google Firebase database. It is stored securely using Firebase's recommended security settings.