<div>
If you do not allow access, then people cannot snoop around. For truly private use Google drive (or One Drive or Dropbox) are reasonably secure.
</div>


<div>
That didnt really answer my q.
</div>


<div>
It would really depend on the app and what it is supposed to do. I'd suggest you try to find out more details of an app before using it. Besides that I wouldn't necessarily store any sensitive data in the cloud. What is on your local PC should be reasonably safe, as long as you also follow the basic security measures which should be used on all PC's, like only using standard user profiles, having the system patched, a good, free AV solution, not opening mail &nbsp;attachments unless you expect them from a known person, only visiting trusted web-sites etc.
</div>


<div>
There is no perfect security on the internet - your documents, your own computer, your on-line bank account. <br />
<br />
The risks are not quantifiable: &nbsp;If you secure everything properly, and do not do silly things, your documents are secure.
</div>


<div>
John I appreciate you trying to answer as many questions on this site as possible, but I do often find your &nbsp;comments vague and very general that they often strike me as common sense answers rather than specifically addressing the points :-)<br />
<br />
If Google was to allow a third party app to connect to Gmail or Drive, then surely it must be vetted right? &nbsp;So for example, when viewing a gmail attachment, it gives you the option to preview the attachment using one of several built in third party apps, like some advanced PDF tool or a video player etc. &nbsp;I have approved the use of DocHub or Lumin to access my files. &nbsp;But like with most apps, the general disclaimer is the same for all third party apps that you approve, it says you grant access for them to see your files etc.<br />
<br />
In reality, I am trying to understand to what extent this is true and whether someone at that company can indeed just snoop around your google drive at will whilst on his coffee break.
</div>


<div>
I am confused by your paragraph on accessing your data. If you let people see your data they can snoop around. That is what you said &quot;&nbsp;I have approved the use of DocHub or Lumin to access my files ... it says you grant access for them to see your files etc.&quot;<br />
<br />
You cannot do this and have good security of your information.
</div>


<div>
So basically the millions of global users who permit third party plugins are opening up their entire google drive to anyone at that company to look around at will? &nbsp;really????
</div>


<div>
<i>In reality, I am trying to understand to what extent this is true and whether someone at that company can indeed just snoop around your google drive at will whilst on his coffee break. </i><br />
<br />
If they have access to your files on their computer, you cannot prevent snooping<br />
<br />
If you secure access, then lock your computer when you are away from your desk.
</div>


<div>
You need to be VASTLY clearer. If the access provided is ONLY to you, then people cannot snoop. If you have provided access to others to view, then they can snoop.<br />
<br />
Would you expect different?
</div>


<div>
Why are you referring to a computer for? &nbsp;Where have I said that I granted access to my computer? <br />
<br />
Good drive, web based, browser, third party app. &nbsp;No computer.
</div>


<div>
Sorry, I figured you had a computer for working on.<br />
<br />
So then clarify<br />
<br />
1. If the access provided is ONLY to you, then people cannot snoop. <br />
2. If you have provided access to others to view, then they can snoop.<br />
<br />
&nbsp;Would you expect different?
</div>


<div>
Yes.<br />
I was hoping that someone would say, in non technical terms, that app plug-in would only be able to access data in a particular way.<br />
<br />
The iphone allows third party developers to create apps for the phone, but doesn't allow it to do &quot;anything&quot; it likes on the phone. &nbsp;There are limits. &nbsp;And I was expecting a response to say that controls are in place to ensure that whilst the app might have access the file that you want to edit WHILST you use the app, they cannot simply just access your google drive like its another mapped drive.<br />
<br />
Are you giving your opinion on this or are you speaking fact, because quite often I see your responses to my previous questions and others, as a 24/7 attempt to answer with general responses, maybe for the points but maybe to also be helpful I dont know.....and others have also commented the same.
</div>


<div>
Why not just use the Google Native app to access instead of 3rd party app? &nbsp;This would minimize the risk since it will be only accessible from a single source (and you are actually giving permission to a single app instead of multiple app to access your files)<br />
<br />
Depending on how confidential the files are, you may consider putting the files offline and non accessible when connected to the internet. &nbsp; Or maybe host your own online storage server.
</div>


<div>
I think you are creating an impossible situation. You want to provide access (apparently to people you may not know) but control what they do even though they may have a jail-broken iPhone or an Android that can be programmed.
</div>


<div>
Hi Anthony,<br />
I agree with your comment - I guess when using Chrome / Gmail / preview - open with feature, there are some useful apps there that, for example, allow you to edit the document in question without the need to faff about opening other dedicated apps or indeed if you dont have e.g. a PDF writer or an application to draw lines or add text, quickly, some of these plug-in type apps, can be very useful. &nbsp;<br />
<br />
Reading a disclaimer is fine, but if everyone was assuming the risk that John is mentioning, we wouldn't be updating our iOS or Android firmwares because we would all be giving up our data to the software giants. &nbsp;<br />
<br />
I'm not saying we expose our data to dodgy web sites or even malware incorporated within peer2peer pirated software, but genuine plug-ins that are being promoted by google as part of its Google labs or whatever, must surely have some controls, regardless of what the &quot;legal disclaimer&quot; says.<br />
<br />
As explained, I'm not referring to Google drive on a PC / computer. &nbsp;My question relates purely to the use of plug ins for the online version of google mail and google apps. &nbsp;I suppose to some extent, the question could also be extended to Dropbox and its third party plug-ins or Evernote third party plug-ins too. &nbsp;<br />
<br />
As the world starts using them, are we now all &quot;100% opening our data for the world to hack&quot; - I should certainly hope not or else these companies have something to answer for in their multi-billion dollar valuations.
</div>


<div>
<i> I suppose to some extent, the question could also be extended to Dropbox and its third party plug-ins or Evernote third party plug-ins too.</i><br />
<br />
I use Drop Box. My document store is password protected and no one snoops - ever.
</div>


<div>
John - why are you referring to jail broken phones now? &nbsp;You are using extreme examples for something which I am saying is basic and almost an every day feature or offering.
</div>


<div>
You are using the word &quot;snoop&quot;. People who snoop are often adept at using tools to snoop.
</div>


<div>
&gt;&gt;I use Drop Box. My document store is password protected and no one snoops - ever.<br />
<br />
So you are choosing to not use other useful third party plug ins to Dropbox, ok that's your choice. &nbsp;But that doesn't eliminate the question as to whether a fantastically produced productive app, maybe linking evernote and dropbox, would have dire side effects.<br />
<br />
You remain content with saying what you do without necessarily exploring the other features. &nbsp;Almost like blocking your ears not wanting to hear the good extended things that are available!
</div>


<div>
As an example, I (along with others) have been given access to a Google Document that I cannot copy or save elsewhere. But I was able to create a PDF out of it (for proper purposes). My point is that people don't really understand what they are putting in public places.
</div>


<div>
Again, you're digressing. &nbsp;Call it snoop, call it hack, call it what you want. &nbsp;its just a play on words. &nbsp;Ultimately I want to know if there are controls on what a third party app can do and if it ONLY accesses your data when you are using it. &nbsp;I dont think you have the knowledge (no offense) to answer that, and your response is just an opinion.<br />
<br />
I'm sure a security minded person here &quot;in the know&quot; might be able to answer that.
</div>


<div>
<i>Almost like blocking your ears not wanting to hear </i> &nbsp; Goodbye. I do not need that.
</div>


<div>
Thank you, Allen. &nbsp;That seems like a more informed and reasonable response rather than a &quot;well if you let a third party app access your google drive, you should of course assume your files will be hacked/snooped on&quot;.<br />
<br />
You've alluded to some technical tools / language that as a non IT person myself, will not be too familiar with. &nbsp;Any suggestions as to how an ordinary person like myself could go about undertaking some very basic risk analysis and explain how not to read too much into it or vice versa?<br />
<br />
Thanks.
</div>


<div>
Most of the services offer a free trial. &nbsp;We typically provide a trial of BetterCloud Enterprise, which lets you run a risk assessment against standard criteria (common regulatory requirements) to get a sense of your current exposure.
</div>


<div>
Thanks Allen / Anthony. &nbsp;Bettercloud enterprise sounds interesting, but I am just a ordinary consumer and probably will not have the skills to check to that level.<br />
<br />
I guess this is a difficult question to answer definitively.
</div>


<div>
<div class="content wysiwyg-content">
When granting approval of a google drive 3rd party app, what are the real risks? &nbsp;I am quite security conscious for my personal drive and take all precautions as possible (two step verification etc) but still believe in being IT progressive.<br />
<br />
When you approve an app, it gives the normal boiler plate warnings blah blah has access to all your files, life and will control the wife etc etc. &nbsp;In reality, can they actually access your data on 4.30pm on a Sunday and snoop around?
</div>
</div>


When granting approval of a google drive 3rd party app, what are the real risks?  I am quite security conscious for my personal drive and take all precautions as possible (two step verification etc) but still believe in being IT progressive.

When you approve an app, it gives the normal boiler plate warnings blah blah has access to all your files, life and will control the wife etc etc.  In reality, can they actually access your data on 4.30pm on a Sunday and snoop around?

What are the real risks of enabling 3rd party Google drive apps

Google Workspace is a suite of cloud computing productivity and collaboration software tools and software. It includes Google’s popular web applications including Gmail, Drive, Hangouts, Calendar, and Docs. While these products are available to consumers free of charge, Google Workspace adds business-specific features such as custom email addresses at your domain and storage for documents and email.

Google Workspace

Chrome OS is an operating system based on the Linux kernel and designed to work with web applications and installed applications. Initially, Chrome OS was almost a pure web thin client operating system, with only a handful of "native" applications, but Google gradually began encouraging developers to create "packaged applications", some of which can work offline. App Runtime for Chrome (beta) enables Android applications to run on Chrome OS. Chrome OS is built upon the open source project called Chromium OS which, unlike Chrome OS, can be compiled from the downloaded source code; Chrome OS is the commercial version installed on specific hardware.

Google Chrome OS

Web browsers are applications used primarily to display documents, files and media from the Internet, identified by a Uniform Resource Identifier (URI) that can be a page, image, video or other file. Some browsers require the use of add-ons or extensions to safely render the information they receive; others have systems built into them to perform the same functions.

Web Browsers

Web development software is used to create websites for both the Internet and intranets. Software can be either locally installed or operated through a cloud interface, and ranges in complexity from simple text editors to full-fledged integrated development environments (IDEs) that include graphics, video, audio, scripting and database support.