Is Google Colab notebook sharing my Drive data with the notebook author?
Introduction
Sharing a Google Colab notebook does not, by itself, grant the notebook author direct access to your Google Drive. The real security issue is more subtle: once you run notebook code and authorize drive.mount, that code can access files in your Drive during your session, so an untrusted notebook can read data and send it elsewhere.
What sharing the notebook actually shares
A shared Colab notebook behaves like a shared document. The notebook content itself can be shared, which includes text cells, code cells, comments, and any saved outputs. The notebook does not automatically carry your active runtime, your mounted Drive session, or a reusable Drive token for someone else.
That means the notebook author does not instantly gain a browseable view of your Drive just because you opened their notebook. There is no automatic permission inheritance from notebook sharing to Drive contents.
What happens when you mount Drive
The security boundary changes when you execute code that calls drive.mount and approve the authorization request.
After that step, code running in the notebook can read files available to your mounted Drive. If the notebook contains code that lists directories, reads CSV files, copies documents, or uploads file contents to a remote server, it can do so using your access during that runtime session.
So the notebook author is not "given your Drive" in the permission sense, but their code can use your granted access if you execute it.
The main risk is executing untrusted code
This is the part many people miss. In Colab, code cells are executable instructions, not just examples. If you open a notebook from someone else and run all cells without reading them, you are trusting that code with whatever permissions you grant inside the session.
For example, a harmless-looking notebook could mount Drive and then quietly upload file contents.
The example above does not upload anything, but it shows the important point: once you authorize access, code in the runtime can use it.
Saved outputs can leak data even without Drive permissions
A notebook can also expose information through outputs that get saved with the document. If a code cell prints file names, previews rows from a spreadsheet, or displays secret values, those outputs may remain visible to anyone who can view the notebook.
If you save the notebook with that output intact, viewers can see it even though they do not have your Drive mounted themselves.
Practical ways to use Colab safely
Treat any shared Colab notebook the way you would treat a shell script from the internet. Read it before running it. Look for drive.mount, network calls such as requests.post, shell commands starting with !, and code that archives or copies files.
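One way to do that read-through systematically is sketched below. It is an added example, not part of the original article or of Colab itself: it scans the code cells of a downloaded .ipynb file for the items listed above. The labels, the extra module names beyond requests, and the sample notebook are assumptions made for illustration.

```python
import json
import re

# Checklist from the paragraph above. Labels and the extra module names
# (urllib, http.client, shutil, zipfile, tarfile) are this example's own.
CHECKS = [
    ("drive-mount", re.compile(r"\bdrive\.mount\s*\(")),
    ("network-call", re.compile(r"\brequests\.\w+\s*\(|\burllib\.request\b|\bhttp\.client\b")),
    ("shell-command", re.compile(r"^\s*(!|%%(bash|sh)\b)")),
    ("archive-or-copy", re.compile(r"\b(shutil|zipfile|tarfile)\.\w+")),
]

def scan_notebook(nb_json):
    """Return (cell_index, line_no, label, line) for each flagged code line."""
    findings = []
    for idx, cell in enumerate(json.loads(nb_json).get("cells", [])):
        if cell.get("cell_type") != "code":
            continue  # markdown cells are not executed
        src = cell.get("source", "")
        # nbformat stores source as a list of lines or as one string
        text = "".join(src) if isinstance(src, list) else src
        for line_no, line in enumerate(text.splitlines(), 1):
            for label, pattern in CHECKS:
                if pattern.search(line):
                    findings.append((idx, line_no, label, line.strip()))
    return findings

def mounts_and_sends(findings):
    """True if the notebook mounts Drive and also has a network or shell path."""
    labels = {f[2] for f in findings}
    return "drive-mount" in labels and bool(labels & {"network-call", "shell-command"})

# Constructed sample notebook (not from the page); URL and blob are placeholders.
SAMPLE = json.dumps({"cells": [
    {"cell_type": "markdown", "source": ["Next we call drive.mount('/content/drive')\n"]},
    {"cell_type": "code", "source": ["from google.colab import drive\n",
                                     "drive.mount('/content/drive')\n"]},
    {"cell_type": "code", "source": "!pip install -q pandas\nimport requests\n"
                                    "requests.post(URL, data=blob)\n"},
]})

if __name__ == "__main__":
    for cell, line_no, label, line in scan_notebook(SAMPLE):
        print(f"cell {cell} line {line_no}: {label}: {line}")
    print("review before mounting Drive:", mounts_and_sends(scan_notebook(SAMPLE)))
```

A pattern scan like this only points you at cells to read first; code that builds calls dynamically will not match, so it does not replace reading the notebook.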
Safer habits include:
- Open notebook settings and omit code outputs before sharing your own work.
- Run only the specific cells you understand, instead of using "Run all" on an untrusted notebook.
- Copy needed data into a temporary location or a narrow test folder instead of mounting your entire Drive to arbitrary notebooks.
- Prefer your own clean notebook when working with sensitive files, and paste in only the code you trust.
The short answer
If the question is "does the author automatically receive my Drive files because I can view or share the notebook," the answer is no. If the question is "can notebook code access my Drive after I authorize it in my session," the answer is yes.
That distinction is the one that matters in practice.
Common Pitfalls
- Assuming notebook sharing and Drive sharing are the same permission model.
- Mounting Drive in an unreviewed notebook and then running all cells blindly.
- Forgetting that saved outputs may reveal data even when Drive itself is not shared.
- Treating Colab code as passive content instead of executable code with network access.
- Leaving sensitive files in broadly accessible Drive locations during experiments.
Summary
- Sharing a Colab notebook does not automatically share your Google Drive contents.
- Once you authorize drive.mount, code in that notebook can access your Drive during the session.
- The notebook author's code is the main risk, not the notebook file alone.
- Saved outputs can leak data even without direct Drive permissions.
- Review untrusted notebooks carefully before granting Drive access or running cells.

