• GeneralPixel 8
  • OneDrive detecting new photos in a location it shouldn't have access to

I use OneDrive's photo sync function to have my photos taken across my multiple devices be accessible in a central location.

I know it's not a very private solution, but my family has a family Office plan for Office apps, and I might as well take advantage of the 1TB of OneDrive storage space I get as part of the plan. To mitigate the privacy risks of OneDrive getting unwanted access to other files on my GOS device, I set up storage scopes for the OneDrive as follows (screenshot):

  • Main storage/DCIM
  • Main storage/Pictures/Screenshots
  • Main storage/Pictures/Family

In terms of app permissions, I only gave it (screenshot):

  • Network
  • Notifications

Importantly, the Photos and videos permission is set to Don't allow (+ Storage Scopes) (screenshot).

However, when I download multiple photos from OneDrive, OneDrive gives me a notification saying that a new photo folder was detected, pointing to the Main storage/Download folder, which is not part of its storage scopes (screenshot).

This is puzzling, as I don't think OneDrive should be able to scan a folder it doesn't have access to via storage scopes for new photos. What are some possible explanations for this behavior?

The only possible explanation I can think of is that even though Main storage/Download is not part of the storage scopes, OneDrive at least needs write access to the location to save the downloaded photos into the Main storage/Download folder, and it's somehow able to detect the new photos during the download process.

    [deleted] With storage scopes, apps cannot access everything in those folders, just the files that they themselves have created or files that other apps have granted them access to.

    In this case, @Vagabond8630's setup is okay. OneDrive shouldn't be able to see files in Downloads (unless the Downloads folder is added to storage scopes), but the app knows that the folder is there, so it'll suggest adding the folder so that files added to Downloads in the future can be automatically backed up.

    The website explains this behavior here:

    If the app requests the "All files access" permission (or is a legacy app that requests WRITE_EXTERNAL_STORAGE permission), then the write restrictions that are normally applied to apps that don't have a storage access permission are relaxed to provide the same write access that the app would have if it was granted the "All files access" permission. This is done to ensure compatibility with apps that, for example, create a new directory in the root of shared storage, or write a text file (eg lyrics.txt) to the Music/ directory (normally, only audio files can be placed there). No additional read access is granted to such apps, they still can see only their own files.