You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
icab_80
7 months agoExplorer | Level 3
Potential security problem with Google Sign-In, even with 2FA when accessing my account.
I have an Android phone with a Google account. If I install the Dropbox app, the login screen prompts me to use Google Sign-In to log in to my Dropbox account. If I accept, I get automatically logged...
- 3 months ago
icab_80 wrote:
Ideally what I want is to completely disable Google Sign-In ...
There is no option for that within Dropbox.
Auto sign-in is disabled ... Despite this, it still lets me auto sign-in in the Dropbox app.This sounds like an issue with your Google account or phone, rather than a problem with Dropbox. If you're signing in with Google and Google isn't allowing you to confirm the sign-in, that's on Google. Dropbox can't control that.
Perhaps it's happening because you've already signed in using Google and allowed access, so it's remembering that connection and just signing in. If so, disable the connection between Google and your Dropbox account (in your Google account settings).
Fix your Google auto sign-in and your issue is resolved.
Megan
7 months agoDropbox Staff
Hey icab_80, welcome to our Community!
Let me ask a few things, to make sure we're on the same page.
You mentioned "If I activate 2FA beforehand from my PC and then use Google Sign-In, then I get an SMS code in the same phone where I'm trying to log in from". Is 2FA currently enabled for your Dropbox account?
I'm asking because if 2FA is enabled on a Dropbox account, you'll still need to enter a Dropbox multi-factor authentication code before logging in with Google. Is this not the case when you use your mobile app?
Let me know more, and we'll take it from there!
- icab_803 months agoExplorer | Level 3
Hello Megan,
Thanks for your reply and apologies for the massive delay in getting back to you, I completely forgot about this.
Yes, 2FA is enabled in my Dropbox account, and yes, this means that I am asked for a multi-factor authentication code before logging in with Google. This is perfect when signing in from my PC: I enter my Dropbox password and the 2FA code that is sent to my phone.
The problem is that when I sign in using the Dropbox app on my phone, then the 2FA code is again sent to the same phone, and even automatically entered into the dialog box without me doing nothing, so it serves no security purpose.
Combined with the fact that Google Sign-In removes the need to enter my Dropbox account, this means that anyone that gains unauthorized access to my phone can download the Dropbox app and use Google Sign-In to access to my Dropbox account, simply by entering the 2FA code sent to the phone. There must be something that I'm doing wrong, because otherwise it's a massive security problem.
Thanks again for your help!
- Rich3 months agoSuper User II
icab_80 wrote:
There must be something that I'm doing wrong, because otherwise it's a massive security problem.
Are you not securing the device itself?
- icab_803 months agoExplorer | Level 3
Hello Rich,
Thanks for your reply. Yes, the phone is secured with the usual screen lock, but if someone were to bypass that, nothing would stop them from gaining access to my Dropbox account, even if I'm signed out and the app is uninstalled, simply by reinstalling it and using Google Sign-In. I'm no security expert by any means, but I don't think that should be possible.
About Security and Permissions
Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.
Need more support
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!