by consteval 635 days ago
IMO, these "insufficiencies" should be addressed by safer APIs. The solution here should NOT be to just grant the app file permissions across the board.

For example, Search could be expressed as a separate permission and API operation. I see no reason why you need full file access to do a text search - the OS API can, and should, handle that.

The trouble here is people store all kinds of things in Google Drive, including photographs. These could easily be exfiltrated to a server. This could cause identity theft, blackmail, you name it. Performing a text search IMO is not a good enough justification for the potential risk of that situation.

2 comments

> For example, Search could be expressed as a separate permission and API operation.

Then maybe after years Google eventually deigns to add a search API, which is great, except you actually also want to do search and replace and they didn't implement that. Or maybe you want to do search and/or replace with regex support, and the new API doesn't support that either.

iggldiggl makes some good points about APIs not being flexible enough, but I also have to ask why go through the complexities of extra APIs? If I'm installing an editor and using it to open my files, I already trust it implicitly with all of my data. That means I also trust it to be reasonably free of RCEs that could modify or exfiltrate my data.

I could see your point if this was some fly-by-night web app accessing Google documents. But this is a native app I'm running on my phone or computer. I may have legitimate reasons to access those photos, to embed them into a document.

> already trust it implicitly with all of my data

I don't think this is the case for most people in this scenario - at least in a general sense.

For a typical desktop editor, sure, but for a mobile editor that goes through Google Drive, I wouldn't expect it to have any access to any file in my Drive. And if it did, this could trivially be used for many horrible things. Meaning, the "type" of data stored in Google Drive versus someone's Documents folder is very different.