Google Workspace Apps Risk Assessment

Introduction #

The number of 3rd party apps available on the Google Workspace marketplace is evergrowing and what your users (employees) install and connect to becomes tricky to track.

That’s why GAT+ provides an application risk assessment so you can judge whether a company has a valid reason for a privilege given.

Getting Started #

Navigate to GAT+ > Applications from the menu

There you will see each application installed, the number of users who installed it, and what privileges the application has requested.

Safe Scopes Privileges Given to 3rd Party Apps #

• “https://www.googleapis.com/auth/plus.login”,
• “https://www.googleapis.com/auth/plus.me”,
• “https://www.googleapis.com/auth/plus.profiles.read”,
• “https://www.googleapis.com/auth/plus.profile.agerange.read”,
• “https://www.googleapis.com/auth/plus.profile.emails.read”,
• “https://www.googleapis.com/auth/plus.profiles.read”,
• “https://www.googleapis.com/auth/userinfo.email”,
• “https://www.googleapis.com/auth/userinfo.profile”,
• “https://www.googleapis.com/auth/userinfo#email”,
• “https://www.googleapis.com/auth/userinfo.openid.directed”,
• “https://www.googleapis.com/auth/drive.appdata”,
• “https://www.googleapis.com/auth/drive.file”,
• “https://www.googleapis.com/auth/drive.appfolder”, “
• https://www.googleapis.com/auth/drive.install”, “openid”

High Risk and Risky Privileges Given to 3rd Party Apps #

• “https://mail.google.com”,
• “https://www.googleapis.com/auth/gmail”,
• “https://docs.google.com/feeds”,
• “https://www.google.com/m8/feeds”,
• “https://apps-apis.google.com/a/feeds”,
• “https://docs.googleusercontent.com/”,
• “https://www.googleapis.com/auth/drive”,
• “https://www.googleapis.com/auth/admin”,
• “https://www.googleapis.com/auth/directory”,
• “https://www.googleapis.com/auth/appengine”,
• “https://www.googleapis.com/auth/apps”,
• “https://www.googleapis.com/auth/compute”

Scope risk score #

The Scope risk score is given based on the privileges granted.

The Scope risk score is devided into Low, Moderate and High.

By a combination of the scopes (permissions) required by the application we devide and separate them into 3 main scope risk scores.

• Low
• Moderate
• High

Want to Take Actions? #

If you wish to Ban applications because of the privileges they are requesting, or you don’t trust the vendor or company.

Follow the steps covered in this post called Audit & Manage 3rd Party Apps.