When authorizing the Google Drive connection via gcd_start the following permissions are being asked: “See, edit, create, and delete all of your Google Drive files”. Which looks like duplicacy is asking for “drive” scope.
This is excessive. All Duplicacy needs is access to files it creates itself. Which means, “drive.file” should suffice.
In addition, it would be great if there was an option to choose to use AppData folder instead (like Arq does in the recent version) – this would require drive.appdata scope which is least restrictive and easier for the user to grant.