Blog, Simple Gmail Notes, Simple Mobile CRM

What could possibly go wrong if you clicked an ‘Allow’ in the Gmail grant page?

August 1, 2020

Most people have seen a permission grant screen like before, but not many actually understand what it  means.


In fact, we were not aware of the implications until we started our development of Gmail API based app. It’s actually surprising and stunning that a simple grant screen could possibly lead to.

In short, when you agreed on this one, the product could:

1. quietly read all your emails

2. quite search all your legacy emails, no matter how old the emails are, and download the corresponding attachments,

3. quietly send emails to others on your behalf, with whatever content generated by the app

4. quietly and permanently delete the inbox or sent box emails created by you, or by the product

So, just imagine, how far the product could go if some hacker hacked into the system?

And the worst part is, the product could still perform all the actions after you killed or deleted it. Yes, the product server could silently access your emails any time, even if you are not using the product.

Sounds unlikely? It definitely happened before. Admittedly things got better after the Google introduced a new policy specificly for Gmail and Google drive data.

Most Gmail add-on companies today are reliable and unlikely to actively steal your data, but can you trust those companies to be as hacker-proof as Google?

 

At least, we don’t trust most of them, in the same way as we don’t trust ourselves.

Of course, we did every possible thing to safeguard and encrypt our servers. However, it’s still unlikely to build the firewall as strong as Google’s, obviously.

Therefore, we don’t collect any server side token in Simple Mobile CRM. Not only do we collect the least intrusive permission for Gmail (readonly access), all our collected tokens are only applicable on mobile devices. This means those special tokens can never be used in servers, by design.

With Simple Mobile CRM, all Gmail collections must be performed on your mobile phone. If you log out or delete the app, CRM system could never reach your emails, by anyone.

For more details, one may check here.

Related Posts

Author

Avatar

Bart Solutions

YOU MIGHT ALSO LIKE THESE

How To Auto Reply In Gmail With Template? Tips for Gmail">
<span class="entry-title-primary">How To Auto Reply In Gmail With Template?</span> <span class="entry-subtitle">Tips for Gmail</span>
How To Auto Reply In Gmail With Template?
Blog
Simple Mobile CRM – Dec 2018 ? Google Contacts, Import Opportunities and More
Simple Mobile CRM - Dec 2018 ? Google Contact...
Blog, Simple Mobile CRM
Simple Mobile CRM – Sep 2019 Update
Simple Mobile CRM - Sep 2019 Update
Blog, Simple Mobile CRM
How to set up recurrent and customized auto reply in Gmail for free
How to set up recurrent and customized auto r...
Blog
Google Translate Plus Upgraded (0.3.1)
Google Translate Plus Upgraded (0.3.1)
Blog
What is the meaning of Cc and Bcc in Gmail?
What is the meaning of Cc and Bcc in Gmail?
Blog
Simple Gmail Notes – Chrome Extension
Simple Gmail Notes - Chrome Extension
Blog, Simple Gmail Notes, Tech
Simple Gmail Screen Launched
Simple Gmail Screen Launched
Announcement, Blog