Can I use Rclone to read "hidden" folders in Google Drive?

On the Google Drive rclone page:

Google drive (rclone.org)

Thanks! But the documentation is extremely sparce. What should I be looking for? Would it be the “-impersonate” flag? If so, the documentation doesn't really specify how to use that flag. If not, what option would I use?

The part about the app folder:

When you configure the remote, it presents you with some options on picking the scope:

Option scope.
Scope that rclone should use when requesting access from drive.
Enter a string value. Press Enter for the default ("drive").
Choose a number from below, or type in your own value.
 1 / Full access all files, excluding Application Data Folder.
   \ "drive"
 2 / Read-only access to file metadata and file contents.
   \ "drive.readonly"
   / Access to files created by rclone only.
 3 | These are visible in the drive website.
   | File authorization is revoked when the user deauthorizes the app.
   \ "drive.file"
   / Allows read and write access to the Application Data folder.
 4 | This is not visible in the drive website.
   \ "drive.appfolder"
   / Allows read-only access to file metadata but
 5 | does not allow any access to read or download file content.
   \ "drive.metadata.readonly"

Pick 4.

Test it out.

I think my question wasn't very clear. I don't want to mount an app data folder of my own, from scratch. I want to connect to a third-party, hidden app data folder that normally you don't get access to through Google Drive. This means I'd have to somehow track down the appropriate client ID/secret pair, and mount that with Rclone...if that's even possible. I don't think the documentation covers this specific case.

Again, please try.

Configure a remote.
Pick 4 when you configure it.
Check if you see your app data folders.

Here is another thread that references what I'm trying to do: Google Drive - support for hidden appDataFolder

The app folders I'm trying to access (read/write/download access) were created with a different client_secret than Rclone has. They are hidden folders created by other developers.

Did you try what I suggested ? Can you share the results?

You linked an old feature request that has been done already.

I really appreciate the help. No, unfortunately this does not work. I created a remote, called it GSuiteApps, and entered 4 at the scope prompt.

Then I mounted it thus:

~/rclone/rclone mount GSuiteApps: ~/GSuiteApps/

Rclone didn't complain with any errors, the drive appears to be mounted. But it's completely empty, no folders or sub-folders are there.

Again, this is what I would expect, since I think this will have basically created an empty, hidden folder that I can upload to, which no other apps can access. But this is basically the opposite of what I want. I want to access those other, hidden app folders created by other developers.

Any other thoughts?

I can give you two quick tips:

I suggest using a simpler command while investigating/troubleshooting, e.g.

~/rclone/rclone lsl GSuiteApps:

Not expert here, but I would guess you need to use the other developers clientID and clientSecret - did you try that?

As a test you can store something in appfolder using the default rclone clientID and the try reading it with your own clientID.

Okay, thank you for that info and confirming this. I had a feeling it would be fairly complicated as you described (e.g. I'd somehow have to procure the other developer's client ID and secret).

As I have absolutely no clue how to do this, I may need to ditch this project altogether.

My objective is to access the hidden app folder that Are Backup uses. I can dump whatever content I want into the Rclone app folder, with the client ID/secret pair I created when setting up my Google Cloud project, but it looks like this data is totally isolated from all other data in my Google Drive.

This is how I thought it would work.

Do you mean Arq Backup?

Yes. Silly auto correct. Arq Backup.

I want to use the hidden app data folder with Arq so that the data doesn't show up in ay other client. But in an emergency, I want to be able to get raw access to that data. Figured I could use Rclone for this, but it seems I'd have to get the appropriate client ID/secret pair somehow.

Exactly and that is probably going to be difficult and (nearly) impossible if Arq security is well-designed.

I searched for "arq backup google drive hidden" and found a reddit thread that may interest you:

Thanks! Yeah...this is way over my head. :slight_smile: I consider myself to be a decently knowledgeable computer user, but Rclone is definitely tricky enough to learn without having to figure out how to grab some client ID/secret pair that is probably hardcoded into the Arq app (it isn't in the keychain).

If you figure out how to do this using any third-party app and can write up some step by step instructions I'm happy to send beer money. :wink:

Thanks, but if I could then I would share the instructions (proof of concept) directly with Google and Arq.

That would actually also be your primary interest if you think about this: Why choose Google, Arq and a hidden holder if everybody can find an easy step-by-step guide on the internet to access/delete your (hidden) data?

Not sure what you're on about? You can easily delete your hidden app data by navigating to Google Drive on the web, select "storage" in the tree view, navigate to settings, and choose "manage app folders" or something like that and delete the Arq data. I am not asking how to bypass security here. There is no security issue.

Arq actually gives you the choice of whether to use the hidden app folder or not. It's a matter of ticking a box in the GUI. You can choose to store your Arq data along with the rest of your "My Drive" data, in which case you can easily access the raw data. The reason I have chosen not to do this is because the Google Drive for Desktop app doesn't (yet?) support selective sync, so there's no way I could exclude the Arq data folder from being re-downloaded to my computer unless I choose to use the hidden app folder.

There's no "proof of concept". You simply have to find the client Id/secret pair and mount the relevant folder using Rclone. I just don't know how to do that...

Sorry, but I see a request for a guide to obtain the Google client ID and secret used by Arq by extraction from the Arq executable or a man-in-the-middle attack on its communication.

Such a guide will reduce the security of Arq and/or Google - otherwise they would be happy to give you the information on request or simply publish it (or a guide to obtain it).

If you disagree, then try asking Arq for their Google client ID and secret.

So my solution I shared works as that's the proper feature and setup to access the hidden app folder, but there isn't a way for rclone to figure out another vendors client ID/secret as we've covered.

If you figure it out, you can plug it in as the feature is there to access the app folder location.

hi, this is something i do, to give access limited access to a folder.

ask the developer to create a service account, that is
--- lock to a single folder.
--- perhaps read-only, as the folder stores backups.

It's actually simpler than that with ARQ, just point to the not App folder for backups.