Which Companies Can Read Your Google Mail And Account?

toggle-button

Google app securityWhen you install an add-in for your web browser, it generally asks for permissions to access your account. For example, if you have an add-in that can filter your email and check for important appointments, the app will first ask you to click a link in order to grant it access to your calendar.

Even if you subsequently remove that app or add-in or extension, those permissions remain. So over time, the number of companies which has access to your account will grow.

I always make a point, at the end of each year, to review these access arrangements and delete those that are no longer required. And I recommend that you do too. In the case of a Google or Gmail account, just go to https://myaccount.google.com/security and click on "Apps with account access". You'll then see all the apps and organisations which have access, and you can delete those that no longer need it.

In my case, I found (and deleted) 18 separate companies that could still access my Gmail account if they wanted to.

Please rate this article: 

Your rating: None
4.536585
Average: 4.5 (41 votes)
toggle-button

Comments

I was curious and clicked the link in the article to go to my Gmail account. I clicked the "Apps with account access" link on the left. I saw that I have no apps with access to my account and no saved passwords, however, the option "Allow less secure apps" was turned on. I turned it off. I was using Firefox on a desktop PC.

My desktop Thunderbird client quickly received two copies of the same email, one to my backup non-Gmail address and one to my Gmail address. It alerted me to a blocked sign-in attempt "from an app that may put your account at risk." It did not name the app. At first I didn't know if the alert was triggered by Firefox or Thunderbird, but since I received the Gmail email in Thunderbird, the alert must have been triggered by Firefox. The email went on to say, "Are you the one who tried signing in? Google will continue to block sign-in attempts from the app you're using because it has known security problems or is out of date. You can continue to use this app by allowing access to less secure apps, but this may leave your account vulnerable." Apparently my 57.0 Firefox triggered the alert. I clicked a link in the email to let me continue using the app. It took me to a page in Firefox that only showed the option to change the Gmail setting to allow less secure apps. I turned it back on.

I quickly received two emails in Thunderbird, one to my backup address and one to my Gmail address, telling me that, "Access for less secure apps has been turned on." It tells me I am no longer protecting my Google account with "modern security standards." It says, "You can make your account safer again by undoing this change here, then switching to apps made by Google such as Gmail to access your account." That's confusing, apparently written for mobile users rather than desktop users.

I found this experience interesting and thought others might as well.

I hadn't seen that "Allow less secure apps" switch. Wonder why it is defaulted to on in the first place? And no clues as to what might be a less secure app. Seems a bit strange to my thinking. Anyhow, I turned it off and so far no alerts have been generated by Firefox 52.0 or Thunderbird, my default browser and email programs.

About an hour, maybe two later an error message showed up. It really tells me nothing, but it appears it was a "less secure app" that tried to sign in. Still doesn't tell me which one. I'm guessing the app will cease to work or let me know down the road. Must be an app on one of my android devices.

Don't you miss all the extensions that no longer work with Firefox 57? I upgraded and took a look at what was no longer working and not currently replaceable and went back to 52.

Thanks for the info. That's interesting. I'm envious. :-)

I wonder why Google doesn't name the app it thinks is insecure in the alert email? That would be helpful, although in my case it seems like it has to be Firefox 57.0.

(Yes, I miss several Firefox extensions I used, mainly Self-destructing Cookies and FireFTP.)

Looks like it is Thunderbird. It became unable to access the gmail account. I switch less secure apps back on and all is good.

A couple hours later an error message showed up from Google. It essentially tells me nothing, but I gather it was generated by an less than secure app. Must be something on one of the three android devices I have. I'm going to leave the switch off for now and see if something ceases to work or lets me know it's been traumatized.

Cookie Controller was the deal breaker for me. It would let me reset the views on things that I occasionally ended up at from Yahoo, like the LA Times that has a set count on how many views before subscribing. Never heard of FireFTP, did a search and discovered an open source Firefox clone(?) called Waterfox that says it supports Firefox extensions. Going to give it a test run.

Interesting. I had no idea you could see who/what/how many had access to my Google account. Turns out it was nine and I guess I'm OK with those. Always wonder why when installing an app it asks for permissions like this, but always click "yes". I discovered (not a difficult discovery) that if I click on the name of the app it gives an explanation of why it has access. That sort of makes sense from a marketing point of view. Ultimately I didn't change anything. Thank you for this information.

Thank you, Rob. I terminated about 30 companies.