Even if the user explicitly logs out of the Google sites by clicking the “Sign out” link, the Drive client will open a new session without requiring a password. The desktop clients request login credentials only once, when they are first installed and launched.
The backdoor is particularly problematic where a user shares their account with others or where a computer is not password protected. The link also makes accessing a user’s Google account unnecessarily simple for trojans.
Funny that the world only noticed this now? When the downloadable GDrive first came out, I tested it and found out this flaw. Unfortunately, there’s no way to contact Google because they don’t provide any reliable channel. Things such as this, you don’t publicly post in their “forums” (which from my experience, they rarely check, if at all).
Read the original post and comment stream on Friendica
