Via the snapshot feature, users can download and access their attachments. Here is a little more info on how these attachment links are protected:
First of all, the user needs to be logged in to be able to download the attachment; and users can only be logged in if they are also logged in to the related cloud app.
This means that if you would open the same attachment URL in incognito mode, it will not work.
This also means that it is not possible to bruteforce the “public” URL as a user can only generate a link when he is logged in.
Secondly, when the user wants to download the attachment, we will generate a temporary public URL which will expire after 1 hour and has a random signature. This is in line with the best practice to share files and is very secure.