Tuesday, June 5, 2012

Dropbox access mode - full or sandboxed?

I’d like to share some stats with you:

  • 78% of WikiPack users who have authorised it with Dropbox are using the template wiki in the /WikiPack folder that is created during signup
  • 20% of current WikiPack users never authorised it to access Dropbox
  • 5% of WikiPack users who authorised it with Dropbox are using their Trunk Notes folder

~~~

WikiPack - Full Dropbox, or App Folder?

So my question to you, dear readers, is which Dropbox access mode would you prefer WikiPack to use?

It currently uses Full Dropbox mode to allow you to browse to a folder outside the sandbox containing Markdown files and import them into your wiki, but only 5% of us have taken advantage of that. The vast majority of WikiPack users have been content to create a template wiki in a /WikiPack folder, which might as well be sandboxed in that case.

Please let me know what you think by voting in the poll above, or getting in touch be email/Twitter:

The following is a more verbose post on Dropbox sync:

Why applications use cloud sync

The most obvious reason for using cloud sync services is to share data between applications & devices. For example, if you use the same app on your smartphone, tablet, and desktop devices, you want each instance of the app to share data & settings in order to provide a consistent user experience.

iCloud - sharing application data between devices

On iOS, iCloud serves this purpose well - iPhone/iPad/Mac apps can transparently share data via iCloud. This is fine if you only ever want to access the data with this particular application. It doesn’t help you if you want to work on it with other applications or command-line tools that don’t support iCould.

Dropbox - sharing any data between any device, application, or OS

Dropbox on the other hand is literally just a folder in your filesystem that you can do whatever you want with. Anything in your Dropbox folder gets transparently synced to the cloud, and it has become the de facto standard for sharing data between different applications across multiple operating systems.

The mobile client for Dropbox essentially exposes this filesystem to mobile applications as well, allowing you amazing flexibility in the range of tools you can use to work with your data.

Dropbox access modes

Dropbox offers two modes of API access to third-party applications:

  • Full - applications can read & write to the entire contents of your Dropbox
  • Sandboxed (“App folder” mode) - applications can only read & write to files within their own sandboxed folder

Take a look at your phone, and make a quick list of all the apps you have installed with Dropbox access. I have the following on either my iPhone or iPad:

  • Day One
  • Dropbox
  • Due
  • Flashcards
  • Notes Plus
  • Noteshelf
  • Penultimate
  • TaskPaper
  • TextExpander
  • Trunk Notes
  • WeightBot
  • Writing Kit

Now, click this link to view which Dropbox access mode they’re using. Mine looks like this:

Find any surprises? I was a little surprised to see that only Due App uses App folder mode, which it should as it only serves to share binary data between the iOS/Mac versions, but other apps like TextExpander that use it for the same purpose use Full Dropbox mode. Why do apps like Noteshelf that only export files to Dropbox need full access?

The de facto standard for iPhone app access is Full Dropbox, and most people don’t even know, or care, by why?

A matter of transparency & perceptions

When you authorise an iPhone app with Dropbox, you get a nice familiar login screen which looks like this:

Linking will allow this app to access and modify files in your Dropbox

Doesn’t sound so bad, does it. When you authorise a web application with Dropbox however, it presents you with the following:

This app will have access to your entire Dropbox.
Please make sure you trust this app before proceeding.

Wow, that sounds kinda scary, and is probably why 20% of my users have dropped out right there. What’s the difference in the kind of access to your data? Absolutely none

We inherently trust smartphone apps, because it feels like our data is safe & sound within our phone, but we instinctively distrust web services, probably because many of them have acted like dicks in the past with our data, so who can blame us?

It’s not easy to earn trust as a web application developer, so I’ve been completely open about WikiPack’s Dropbox sync, but having run the numbers, I should probably listen to my users and switch over to App Folder mode.

What do you think?

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)