Security and Privacy Perceptions of Third-Party Application Access for Google Accounts (Extended Version)

11/05/2021
by   David G. Balash, et al.
0

Online services like Google provide a variety of application programming interfaces (APIs). These online APIs enable authenticated third-party services and applications (apps) to access a user's account data for tasks such as single sign-on (SSO), calendar integration, and sending email on behalf of the user, among others. Despite their prevalence, API access could pose significant privacy and security risks, where a third-party could have unexpected privileges to a user's account. To gauge users' perceptions and concerns regarding third-party apps that integrate with online APIs, we performed a multi-part online survey of Google users. First, we asked n = 432 participants to recall if and when they allowed third-party access to their Google account: 89 app. In the second survey, we re-recruited n = 214 participants to ask about specific apps and SSOs they've authorized on their own Google accounts. We collected in-the-wild data about users' actual SSOs and authorized apps: 86 used Google SSO on at least one service, and 67 app authorized. After examining their apps and SSOs, participants expressed the most concern about access to personal information like email addresses and other publicly shared info. However, participants were less concerned with broader – and perhaps more invasive – access to calendars, emails, or cloud storage (as needed by third-party apps). This discrepancy may be due in part to trust transference to apps that integrate with Google, forming an implied partnership. Our results suggest opportunities for design improvements to the current third-party management tools offered by Google; for example, tracking recent access, automatically revoking access due to app disuse, and providing permission controls.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 6

page 7

page 8

page 10

page 11

page 12

page 25

06/29/2020

CanaryTrap: Detecting Data Misuse by Third-Party Apps on Online Social Networks

Online social networks support a vibrant ecosystem of third-party apps t...
03/08/2022

Analyzing the Security of the Business Collaboration Platform App Model

Business Collaboration Platforms like Microsoft Teams and Slack enable t...
01/10/2019

Collaborative Privacy for Web Applications

Real-time, online-editing web apps provide free and convenient services ...
05/28/2021

Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My Activity (Extended Version)

Privacy dashboards and transparency tools help users review and manage t...
06/12/2020

Building trust in digital policing: A scoping review of community policing apps

Perceptions of police trustworthiness are linked to citizens' willingnes...
04/17/2020

Privacy-Preserving Script Sharing in GUI-based Programming-by-Demonstration Systems

An important concern in end user development (EUD) is accidentally embed...
12/24/2017

Studying the Impact of Managers on Password Strength and Reuse

Despite their well-known security problems, passwords are still the incu...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.