When you publish a new File Upload Form, it is public by default meaning anyone on the web can access your form and submit a response. However, there are few things to protect your Google Form from spam and also make is available only to select users.
Open the Spreadsheet, go to Addons > File Upload Forms > Settings and specify a Form Password. The default is NONE meaning the user need not enter a password but you can enter any password here and only users who know the password can fill your form.
When design the form inside the online form builder, add a CAPTCHA field and your form will be protected from spam bots. The CAPTCHA is powered by Google reCAPTCHA and therefore pretty foolproof.
When publishing the file upload form as a web app, you get a few options. Selection the option that works perfect for your case.
Inside the spreadsheet, go to Tools > Script Editor > Publish > Deploy As Web app. Here, under “Who has access”, choose any of the following option:
Anyone, even anonymous- Your form becomes public and anyone on the Internet can access and fill your form.
Anyone- Only users who are logged into their Gmail or Google Account can fill your file upload form.
Anyone, with xyz.com- If you are a Google Apps user, you can choose this option to restrict form access to users who are in your organization.
If you do not see the anonymous option while publishing your file upload form, it is likely because of a setting in your Google Apps domain. The admin may have restricted users from sharing files outside the organization and thus you do not see that option.