Skip to content
Cookie Porter

Google Drive Sync

Cookie Porter uses Google Drive to provide secure, cross-device synchronization without the need for a central database.

OAuth2 Flow

Section titled “OAuth2 Flow”

To communicate with Google services, the extension uses the chrome.identity API:

  1. Request: The user clicks “Sign In with Google”.
  2. Authorization: chrome.identity.getAuthToken requests access to the drive.appdata scope.
  3. Token: An access token is returned and stored in memory (not persisted) to perform API calls.

App Data Folder

Section titled “App Data Folder”

Cookie Porter stores its data in a special hidden folder in the user’s Google Drive called the Application Data Folder.

  • Privacy: This folder is only accessible by Cookie Porter. The user cannot see these files in the standard Drive UI, and other applications cannot access them.
  • Security: Since the data is already encrypted with AES locally, the file stored in Drive is double-protected (AES + Google’s infrastructure).

Sync Flow

Section titled “Sync Flow”
  1. Local Change: User saves a new session or note.
  2. Encryption: Data is encrypted and saved to chrome.storage.local.
  3. Upload: The extension initiates a background sync to upload the encrypted bundle to the App Data Folder.
  4. Download: On other devices, the extension checks for a newer version in Drive and merges it with the local storage.