OneDrive’s Overly Friendly File Picker: A Comedy of Errors in Data Exposure

OneDrive File Picker is giving apps a free tour of your entire cloud storage rather than just the files you wanted to share. It’s like inviting a guest for dinner and having them poke around your attic. Oasis Security warns users to review app permissions or risk exposing their digital crown jewels.

Hot Take:

Microsoft’s OneDrive File Picker is like that friend who lets everyone into your house while you’re out of town, claiming it’s just for a quick snack but actually raiding the fridge, rummaging through your closet, and reading your diary. This is a classic “who left the keys with the neighborhood kids?” security blunder.

Key Points:

  • OneDrive File Picker’s OAuth permissions grant broad access to entire user OneDrives.
  • Hundreds of applications could exploit this flaw for complete read/write access.
  • Older versions of the File Picker handle OAuth tokens insecurely.
  • Consent dialogs fail to convey the extensive access granted to third-party apps.
  • Google and Dropbox have implemented more restrictive and safer models.

The Nimble Nerd