What Is Drive.Google.com?
The site drive.google.com is the URL for Google Drive, Google’s cloud storage and file sharing platform. Google Drive offers a limited amount of cloud storage space for free which allows you to store media in Google Drive without it taking up your smartphone’s storage. If you have a Google Drive account, you can get access to it on any web browser by pointing to drive.google.com/drive/my-drive. There is also a Google Drive app preinstalled on Android.
Website: https://drive.google.com/
Is Drive.Google.com Safe?
I conducted a series of malware tests to find out if drive.google.com is safe and legit. Here are the results:
I installed the Malwarebytes Browser Guard on my Edge browser and was able to browse the site drive.google.com without any issues.
To check this further I ran malware scans with Malwarebytes and Spybot on my computer after browsing the site drive.google.com and they returned no malware detection. I also ran a system-wide scan with Microsoft Defender and no malware was found.
To try to confirm that the site is clean, I also checked the site drive.google.com on the online malware scanner Sucuri and it returned with no major issues. You can see the same here: https://sitecheck.sucuri.net/results/drive.google.com
Sucuri says the site drive.google.com wouldn’t allow a scan on the login URL listed below:
https://accounts.google.com/signin/usernamerecovery?continue=https://drive.google.com/&service=wise&osid=1&ifkv=AWnogHfTTu2opbdEg1bdBSY_R_TnPR4-oKBlr2dWCFglAvLXhDeZWBa7pVdgJSKNj7xRmW2PEKR7MA&hl=en
However, I can see this is just a log in page and not a big deal.
Sucuri says it was able to scan the rest of the site drive.google.com and that it didn’t find any malware. Sucuri also says that none of its associated security vendors have blacklisted the site drive.google.com, meaning that they don’t consider the site to be malicious.
Some hardening improvements could be made such as solving the missing security headers listed below:
Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors ‘none’. Affected pages:
https://policies.google.com/privacy?gl=US&hl=en
https://policies.google.com/terms?gl=US&hl=en
https://www.google.com/drive/Missing Strict-Transport-Security security header. Affected pages:
https://accounts.google.com/signin/v2/’ _.C(_.Uv(h).replace(/;/g,
https://policies.google.com/privacy?gl=US&hl=en
https://policies.google.com/terms?gl=US&hl=en
https://www.google.com/drive/Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src
The ‘unsafe-eval’ keyword in Content-Security-Policy is not recommended. Please consider fixing the JavaScript code.. Affected pages:
https://accounts.google.com/ServiceLogin?continue=https://drive.google.com/&dsh=S-620203567:1677852175745581&emr=1&flowEntry=ServiceLogin&followup=https://drive.google.com/&ifkv=AWnogHfu-AB_CMUXRr5GfBdOhnnGYAetnhiS4hj5kIXp-jY2s1eohNZDUPvdVyOkms8Pq1vBQzWjNw&nojavascript=1&osid=1&service=wise for Google’s UA
https://accounts.google.com/ServiceLogin?continue=https://drive.google.com/&dsh=S1259085856:1677852175979680&flowEntry=ServiceLogin&followup=https://drive.google.com/&ifkv=AWnogHfKmvaIwLLSVq19DMM-4FqSAgbsPGZe_GRAW1d_GkQC6qA3dLPAIB3MAoO1C2qvuJuGNWSvZg&nojavascript=1&rip=1&service=wise
https://accounts.google.com/ServiceLogin?continue=https://drive.google.com/&dsh=S621351923:1677852176219096&emr=1&flowEntry=ServiceLogin&followup=https://drive.google.com/&ifkv=AWnogHfJxBfeCAI56GgA4q1uSPaEsLCqEenrwS6biuhYZ3p_9_4WMS9p17gW8l9ueLWdsPoRSuem&nojavascript=1&osid=1&service=wise
https://accounts.google.com/signin/v2/’ _.C(_.Uv(h).replace(/;/g,
https://accounts.google.com/signup/v2/nojs?service=wise&continue=https://drive.google.com/
The site should also consider adding an SPF record to prevent email spam.
That said, these hardening issues are minor and don’t change the overall grade of the scan.
Lastly, I ran a malware scan with VirusTotal on the domain drive.google.com and one security vendor has flagged the domain as malicious. You can see the same here: https://www.virustotal.com/gui/domain/drive.google.com
1 out of 88 security vendors flagging a site doesn’t mean a site is malicious; it could be a false positive.
In conclusion, the site drive.google.com is a low security risk and doesn’t have malware according to Sucuri. Moreover, only one security vendor associated with Sucuri or VirusTotal has flagged the domain as malicious. The most likely scenario is that one security vendor has a false positive given that 87 other vendors didn’t flag the site as malicious.