• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
Guidelines
Is your HP DeskJet 3830 series scanner not working? Here is the solution Click here to view the instructions!
Common problems HP Solution Center not working : Adobe Flash Player Error and Unable to scan
We would like to share some of the most frequently asked questions about HP Solution Center not working : Adobe Flash Player Error and Unable to Scan.
HP Recommended
Laser Jet Pro MFP M281FDW

I was setting up scan to Google drive on my new printer today and found some concerning security settings. Is there any reason why the eStorage app used to scan to Google drive is requesting Full Access?

This seems like an extreme overstep of permissions actually needed in order to scan to drive and opens a rather large security risk.

The relevant access scope being requested:

 

hp_access_req.png

https://www.googleapis.com/auth/drive Full, permissive scope to access all of a user's files, excluding the Application Data folder. Request this scope only when it is strictly necessary.

 

As per Google authentication guidelines here: https://developers.google.com/drive/api/v3/about-auth an app developer should "choose the most restrictive scope possible, and avoid requesting scopes that your app does not actually need."

 

From my prespective, the eStorage app should only need the following permissions:

 

https://www.googleapis.com/auth/drive.file

Per-file access to files created or opened by the app. File authorization is granted on a per-user basis and is revoked when the user deauthorizes the app.

and maybe 

https://www.googleapis.com/auth/drive.readonly Allows read-only access to file metadata and file content

 

Could someone shed some light on how HP can change the access scopes to improve the security posture for this service?

 

Thanks!

Who Me Too'd this topic
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.