Google DocHub bypasses Adobe Security Settings

if a burglar breaks my window and my alarm fails to go off I dont respond by saying that the burglar should have broken in elsewhere to my house... I respond that saying my security system has a flaw

That's not the case. It's like someone invented a good alarm system and then shared it with other security companies so as many people as possible could enjoy it. These companies then went out and provided the master-key to disable that alarm with the entire world... Who's to blame then?

And as much as I like real-world analogies, they don't always work...

Adobe released the PDF specifications to the world. It's an open ISO that anyone can use to develop a PDF viewer. Some companies do a better job than others in doing so, but the responsibility is with them. There's no "ISO police" that enforces the standard. And by the way, when you apply a security policy in Acrobat it is clearly stated that 3rd-party applications might not enforce it.

Oddly enough the bar didn't appear stating that the signatures were invalid or properties altered. You can surely see in the Properties that the document had been edited and the PDF Producer had changed. But it completely wiped the "security method" to No Security. The other way you could tell is that the returned document came back with all of the fillable fields reopened and not flattened and their field properties altered, ie text extending past the field width and adding the black + sign (which was the first tip off). The end users however are just seeing a returned document that has been signed (some using desktop and others using ios) and aren't investigating any further than that. I did do staff education on how to detect this, though I'm not sure how long they'll be diligent about this extra step. For the few customers that we know are using DocHub we're just going to complete the form, print it and then scan it to them for the time being to help prevent adjusting the document and pricing info... this isn't the best solution as they could easily alter if they have Acrobat DC but it wont be as easy within the dochub app.

Google probably did a Full Save, that removed the digital signatures (but left the appearance). Not much can be done with non-compliant applications. Sorry. You probably need to find a way to "flatten" the fields you have filled in (that is, turn them into page content, no longer fields). But Acrobat doesn't have that feature. One workaround is to "re-fry" the document: Save it as a PDF through the PDF Printer. That should flatten everything.

I hadn't thought about the pdf printer... good idea. Thanks. -g

Acrobat can flatten form fields!

margueritek you're awesome!

Just a few notes:

Most of the end users are using Adobe Reader and thus dont have the option to flatten the document via Print Production. Although I did verify that this method did work to prevent dochub from editing the previously fillable fields.

The re-fry method also worked like a charm although I had to use microsoft print to pdf as the "adobe pdf" print option did not work due to the password security protection on the document... when tried it saved a .txt file saying the file was encrypted. When I "printed" the document using microsoft print to pdf it worked and I verified that dochub was unable to edit those fields.

So for now we'll be using this method, only downside is that we need to know which of customers are using dochub or else do this for every single document (which would be quite time consuming). Hopefully the staff over at Adobe will be successful in finding a solution that doesn't require "work-arounds" and will make this process much smoother. Then we can go back to using adobe pdf as it was intended.

Thanks again for all of your help margueritek... glad to hear from someone with solutions! -g