Google Docs users shouldn't lose sleep over the security concerns that an application development and IT security consultant has raised about the hosted suite of office productivity applications, Google Inc. said late Friday.
In an official blog post, Google Docs product manager Jonathan Rochelle detailed why the company has determined that the issues included in the consultant's report are far from critical.
Google's conclusions aren't a surprise. Hours after consultant Ade Barkah published his report on Thursday, Google responded with a preliminary statement saying that it was investigating the matter but didn't believe there were significant security issues with Google Docs.
Nonetheless, Google evidently sees some merit in Barkah's report. Google has added information regarding his observations to the Docs "help" pages that cover creating drawings and adding viewers and collaborators to documents.
In addition, Google may make changes to Docs as a result of Barkah's report. "We are also exploring alternative design options that might further address the concerns," Rochelle wrote. "We'd like to thank the researcher for sharing his concerns with us."
Asked for comment about Rochelle's blog post, Barkah indicated that he isn't done with his security analysis of Google Docs. "At this time, new details and test scenarios are still emerging," he said via e-mail. "I appreciate the excellent feedback I'm receiving from Google Security. I am continuing to share my most recent findings with them, and will be able to comment further once our analysis is complete."
Google Docs is offered as a free, stand-alone product as well as a component in the broader Google Apps suite of collaboration and communication applications, which comes in free and fee-based versions and is designed for workplace use.
Barkah is the founder of BlueWax Inc., an enterprise application development consultancy in Toronto, although his blog says that he currently resides in Beijing. His post about Google Docs highlighted what he considers to be three flaws in the way files are shared in the software, which lets users invite other people to view and edit word processing documents, spreadsheets and slide presentations.
First, Barkah noted that images inserted into a document are assigned their own URLs, so that users who have been given access to a particular document can continue to call up the embedded images even if the document is deleted or the document owner later removes their access rights. "If you embed an image into a protected document, you'd expect the image to be protected too," Barkah wrote. "The end result is a potential privacy leak."
Rochelle countered that images are kept independently of the documents in which they appear, for fear that deleting them would break references to them in other documents and external blogs. "In addition," he wrote, "image URLs are known only to users who have at some point had access to the document the image is embedded in, and could therefore have saved the image anyway — which is fully expected."
Ultimately, document owners can request that images be purged from their account, by sending an e-mail to Google's support team at docsimagedelete@google.com, Rochelle added.
Barkah's second observation concerns the ability of someone with whom a document has been shared to view all versions of any diagram contained in it by modifying the image's URL.
In his response, Rochelle pointed out that allowing collaborators to view a document's revision history is a Google Docs feature and that the only people who could see prior revisions of a diagram are those who have been given access to the document in which it is contained.
"We may consider explicitly preventing viewers from accessing drawing revisions," Rochelle wrote. "For now, if document owners decide they don't want viewers to have access to their revisions, they can simply make a new copy of the document — from the File menu — and share that new version. The revision history of both the document and all embedded drawings is removed in copies of documents."
Barkah didn't detail his final concern in his report, in order to give Google time to troubleshoot it. But he said that the issue could in some cases allow contributors whose access to a document has been removed to get back into it without the owner's knowledge or permission.
Rochelle explained that the scenario involves the use of a Google Docs feature that enables invitations to access documents to be forwarded to more than one person. Google added that feature in response to requests from users who wanted to forward invitations and share documents via e-mail lists.
"Invitations sent using this feature contain a special key on the document link," Rochelle wrote. "This feature can be disabled at any time to expire previously distributed invitations which contain that special key." Users can disable the feature by unchecking it, he said. The feature is called "Invitations may be used by anyone" in documents and presentations, and "Editors can share this item" in spreadsheets.
Privacy and security controls in Google's hosted applications have been in the news recently. Last week, the Electronic Privacy Information Center filed a complaint asking the Federal Trade Commission to stop Google from offering hosted services that collect data, until privacy controls can be verified.
Earlier this month, Google acknowledged that a glitch in Docs caused some documents to be exposed to users without proper permission. The problem occurred among users who had previously shared documents. The company said it affected fewer than 0.05% of all documents.
Monday, Apr 6
Google plays down security concerns over Docs
tags: google | author: chao