While doing our regular security audit of all the accounts tied to the HTG site, we noticed something interesting: Inside your Google account settings there is a list of any site or app that you’ve given access to, and the list might surprise you. Time for a checkup!
There are, of course, plenty of valid reasons why you might need to give apps or web sites access to your account, or at least parts of your account. If you log into any sites via your Google account, you’re going to see that in the list. If you have an Android phone, it will have full access to everything, and any Google app anywhere that saves your credentials is going to need access, which ends up showing in the list.
This article is definitely not meant to scare you. But… you should also be familiar with the things that have access.
Auditing Access to Your Google Account
If you want the quick and easy way to get to the account permissions page, you can just navigate in your browser to the following URL, which will show you the list of permissions assigned to apps and sites. Since you should never click on a link to your account settings page, we aren’t going to bother making this one clickable.
To get there the longer way, you can open up any Google site and click on your face or icon, and get to the “Account” link, as shown in the screenshot below.
Once there, click on the Security tab, or if they change the layout in the future, head to the Security section of your settings. Then find the Account Permissions section, which lets you control which apps and web sites have access to your account. Click the View All link to see that list.
The list is very simple — just click on an item to see the details of what permissions it actually has, and click the Revoke access button if you want to remove that app from the list. Pay special attention to any apps that “Have full access to your Google Account”, because most of them should not.
If you do use your Google account to log into any sites, as shown above with the Feedly item, just verify that they only have “access to basic account info”, which includes only the very simple information about the fact that you have an account, and doesn’t give them access to any of your data or files.