I'm having trouble understanding what I'm am granting to sites when they have "Authorized Access to my Google Account."
This is how I see what has authorized access:
- Log into gmail.
- Click on the link that is my name in the upper-right corner, and from the drop-down select Account.
- From the list of links to the left, select Security.
- Click on Edit next to Authorized applications and sites.
- Authenticate again.
- At the top of the page, I see a set of sites that have authorized access to my account in various ways.
I'm having trouble finding out information about what is being told to me here. There's no "help" link anywhere on the page and my Google searches are coming up unproductive. From the looks of what I see there, Google has access to my Google calendar. I feel comfortable about that, I think. But other sites have authorization to "Sign in using your Google account".
My question is, what exactly does that authorization mean?
What do the sites that have authorization to "Sign in using my Google account" have the power to do?
I hope that this simply means that they authorize using the same criterion that Gmail does. I assume that this doesn't grant them the ability to access my email.
Can someone please calm my paranoia by describing (or simply pointing me to a site that describes) what these terms mean exactly?
Best Answer
"Sign in using your Google account" entries are automatically added when you use your Google account to log in to a website (such as a Stack Exchange site like this one) and leave the "Remember this approval" box checked. Any site in the approval list can know whether you are logged in to your Google Account and (if so) which account you are logged in to without asking you first.
According to Google, unless a site asks for additional permission, it cannot retrieve any personal information other than your e-mail address.
Any additional request would have been listed both on the original approval screen and in Google's "Connected Sites, Apps, and Services" list instead of just "Sign in using your Google account".
You can "Revoke Access" for a site if you do not want it to know you are logged in to your Google account without your explicit permission (or no longer want to allow it access to your account in a way you previously approved).