Upgrade your Account’s Security by Unlinking Third-Party Apps

Hello, Crown Clients and Friends!

When using Google’s or Facebook’s platforms, it may be useful to enable third-party apps or accounts to extend their functionality. However, this always comes at the cost of security. While other sectors of the tech world move on to models like the zero-trust model (where you can use a service without exposing any data to that service), some apps and platforms allow you to share information with a third-party to enable features. In this post, we’ll consider whether or not this is a good idea in the first place and also walk through how to effectively manage Google and Facebook third-party apps if you choose to use them.

Third-Parties and Your Data Privacy

Third-party apps are developed by someone other than the service you are using. For example, you can extend the functionality of Gmail to integrate your Zoom meetings by “installing”–something more like granting access to–Zoom for GSuite or Gmail. This makes it so that Zoom can access your Google Calendar and Gmail information, and do things like read your Gmail account for meeting invitations and write its entries in your Calendar. This functionality may be very useful to you, but it comes at the cost of allowing Zoom to read your emails (so that it can find invitations) and possibly store information from them.

These kinds of privacy concerns are usually questions of trusting a company with your personal information, but in the case of third-party apps, it’s more like giving them a copy of the data in your account or profile. It isn’t too paranoid to think that sharing this information may be a bad idea altogether, since personal data breaches happen all of the time. Enabling a third-party app means that you are trusting that developer to keep and use your information responsibly in addition to the primary service. If the third-party is successfully attacked, the attacker ends up with your data. Even worse, in the past there have been problems with apps that are no longer being maintained, making them more vulnerable to being controlled by a malicious actor. 

Managing Third-Party Apps and Accounts

Luckily, most platforms make it easy to manage third-party apps if you decide to use them. The information and control given by the platforms has gotten a lot better over the past few years even if there is still a lot to be concerned about. We’ll look at Google and Facebook’s settings, but other platforms and services may have similar settings you can look for. 

On Facebook, third-party apps are often ones that can post on your behalf, or apps that find your Friends on Facebook to extend their social component. The level of control in these settings is really impressive: they show you what apps are linked and what information you are sharing with that app (and even give you the ability to turn off certain types of information sharing, if available), but it also lets you know if the link is active or expired and when it was linked. 

Here’s an example of what you will find in the App and Websites privacy settings: I have my Duolingo app linked with my Facebook profile, which I linked so that I could compete with and taunt my Facebook friends with my progress. When I check the information that I share with them, it lets me know that I am sharing public information with Duolingo (my name and profile picture) as well as my Friends List, which is private information. Since the functionality I want from this app includes knowing my Friends, then I am comfortable with this setting (but I am also comfortable with this information being public).