There are lots of apps (on my phone, on the web, etc.) that want to use my google id for authentication and to sync data — news readers, contact info, notes to google docs, etc. In general, they ask for your google uid and password directly, which seems like a huge security hole to me — I basically have to trust each app developer with my email login. I'm currently using a secondary gmail address for this sort of thing, but that can be inconvenient.
-
Is there some way to restrict the kind of access that I give the apps?
-
Assuming I'm not missing something, what's the best place in the google universe to post a feature request for better control over this stuff?
Best Answer
The current defacto solution for this problem is OAuth, which Google supports. Applications using OAuth don't need your google ID and password to get authorization from Google to access your data.
I'd suggest to the app developers in question to migrate to OAuth.