Sept. 13 - Security Update for Google Drive File Links
On July 26, Google is expected to email University faculty, staff, and students about a security update coming in September 2021 that impacts many University of Minnesota Google accounts. The Office of Information Technology (OIT) is aware of the communication and is proactively alerting the University community about the update.
Starting on September 13, 2021, Google will apply a security update to some Google Drive files to make sharing links more secure. Applying the update will increase the security of a given file, but it may cause changes to how people can access impacted files. This update mostly impacts University of Minnesota Google accounts and files that were created before November 2017.
Built-in Google file types including Docs, Sheets, Slides, and Forms will not be impacted, even if they were created before November 2017.
What exactly is changing?
Google will change URLs for Drive files that were created before November 2017 to increase security. Specifically, this security update introduces a new required parameter, called a “resourcekey,” to sharing links. Adding this new security parameter changes the original URL of a file. If you have shared a file, folder, or shared drive (older than Nov. 2017) via URL, that URL may change, and whomever it is shared with may need to request access to view it. Public Google drive links, such as those posted on websites, will need to be updated to include the resourcekey.
This update is being applied to files created before November 2017 in Google Drive to make sharing links more secure.
What impact will this change have on me?
Depending on where you are sharing links to Drive files (e.g., on a public website), you may receive a temporary influx of access requests to files with links that have changed. The amount of access requests also depends on how frequently people view the file.
Who is impacted by this change?
Any account that manages or owns a file (including departmental accounts) that was created before November 2017 and has files impacted by this update will receive an email from Google on July 26.
Users who a file has been specifically shared with or have previously accessed the file via link will not be impacted. Only users who haven’t viewed the file before and are trying to access the file via link, will have to request access.
What types of files are impacted?
Only a subset of Drive files will be impacted by this update. Built-in Google file types (Docs, Sheets, Slides, Forms) will not be impacted.
Impacted files could include PDF, movie (.MP4, .MOV, etc.), and audio (.MP3, etc.) file types, as well as others not listed here.
Will my files be deleted?
No, your files will not be deleted as a result of this security update.
What should I do?
If Google notifies you that you own files that will be impacted by this update, we recommend that you follow the guidance provided by Google in the July 26 email. Please check any departmental accounts you own as they may have files that are impacted as well.
Review your Impacted Files
As of July 26, 2021, you can see your impacted files in My Drive and any shared drives that you manage. To see your impacted files, either go through the email you received directly from Google (Subject line: Security update applied to Drive), or:
- Navigate to My Drive in Google Drive.
- At the top of the page, a security update banner might appear. If yes, select See files.
- If you have multiple drives with impacted files, select one of your drives, like My Drive, to see all impacted files in that drive.
- If the banner doesn’t appear, search for all files that have the security update applied by entering ‘is:security_update_applied’ in the search bar of My Drive. Note: This search shows you all of your impacted files, including those from My Drive and any additional shared drives you manage.
If you received an email about the security update but can’t find any impacted files, you might have folders that are impacted by the security update. To search for folders that have the security update applied, enter ‘is:security_update_applied type:folder’ in the search bar.
Important: You can only view the list of your impacted files for 30 days from when you received the security update notification email from Google. After 30 days, you can use advanced search to find your impacted files.
When reviewing your list of impacted files:
- Replace links. If you know that any of your impacted files are shared (e.g., linked on public websites or in Canvas courses), locate the shared link and replace it with a new link.
- Open the file.
- Click the Share button.
- In the Get Link sections, click Change link.
- Click Copy to copy the new link to your clipboard.
- Paste the new link on your public website, Canvas Course, etc.
- Delete any files that you determine are no longer needed.
- If you manage a departmental account, please review impacted files for that account and reshare or delete as appropriate.