• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

How secure is Google Checkout when using Apps that access our Gmail?

P

paeuk

Lurker
Would appreciate some comments on whether our Google Checkout is vulnerable when downloading and using apps that request your gmail authentication details e.g.

RSS readers that uses your Google Reader
SMS backup apps that back up to your Gmail account
Picasa photo related software that needs access to your gmail

I was thinking over this weekend that it seems to me that if we supply these apps with our gmail credentials they potentially have the ability to also hack our Google Checkout which doesn't have any secondary level of security other than our Gmail account username/password!

Is this really the case, or am I missing something because this seems like a crazy "open door" that is just waiting for someone to try and walk through.

Thanks

Paul
 
hmm, if the app is from the android store it's ok. but if it is from any other site i will not trust it,because somebody can track your email adress and password.
 
Al3x4Fun said:
hmm, if the app is from the android store it's ok. but if it is from any other site i will not trust it,because somebody can track your email adress and password.
Click to expand...


Can you please explain this in a bit more detail (buying from the Android Marketplace)?

I was going to buy an app last night from the Marketplace but backed out when I was required to give, among other things:

-name
-address
-tel no.
-credit card num /exp.
-e-mail
-plus a bunch of other stuff, etc.
 
Al3x4Fun said:
hmm, if the app is from the android store it's ok. but if it is from any other site i will not trust it,because somebody can track your email adress and password.
Click to expand...

The fact that an app is downloaded/downloadable from the Android Market does not imply that it is safe. Any app that requests your login credentials can do anything with them, once provided, regardless of where you download it from.
 
UncleMike said:
The fact that an app is downloaded/downloadable from the Android Market does not imply that it is safe. Any app that requests your login credentials can do anything with them, once provided, regardless of where you download it from.
Click to expand...

Thanks. This was my concern . . . :(

I've written to one of the developers who responded explaining how seriously he takes security and explained how his app accesses gmail. In his case there is no possibility of compromise and it re-assured me in his particular case that I'm safe. Unfortunately it doesn't fill me with much confidence with other apps until I check with each developer (if I decide the app is worth downloading to bother to do that).

I wish that Google would have a second tier level of security passwords with Google Checkout which would alleviate at least the risk financially.

Thanks for the responses.

Paul
 
There are some rumors on the web that Google are going to implement Paypal into the market which of course would make it safe. With regards to concerns about security just google the app and read any reviews for it to see if it is trustworthy.
 
From what I understand, there is a permission that apps can require that will allow them you use credentials for your account - allowing them to do anything that would require your credentials without actually providing your credentials to the app. I'm sure there is a reason it's not used more than it is.
 
You must log in or register to reply here.
Back
Top Bottom