Can developers of gsuite addons view the data in your sheets / docs?
Suppose we install a gsuite addon, we may see something like:
Suppose we have a google sheet/doc containing some plain text (a pretty standard use), equations, etc; e.g. it may contain: Here's something top secret: my_secret_123_abcxyz?!
Are there circumstances under which the developers of the addon be able to read the text contained in the cells of a google sheet (or in a google doc)?
For reference: here are the T&C and privacy policy for the example above - note that there's no clear answer to the question contained in either of those policies.
Note: this is an extremely important consideration for handling client data, or meeting data governance requirements/laws at company and/or federal levels.
Q. Are there circumstances under which the developers of the addon be able to read the text contained in the cells of a google sheet (or in a google doc)?
A.Yes, the developers can read the text. Specifically what the application reads and what is done with that data is a mystery however.
When developing Gsuite add-ons you use a programming language called Google Apps Script.(Google gives the creators and internal editor to work in).
When the creator of the add-on writes code wanting to access different parts of the Gsuite API, a scope is automatically added to the manifest file for the application.
The scope list explains what the application is attempting to access as it runs. That list generates the screen seen below.
The permission screen doesn't get anymore specific than that. However, everyone who wants to submit an application into the GSuite marketplace has to submit to a review process.
One of Google's priorities in that process is making sure the add-on's publishers "Take appropriate steps to safeguard user data.".
- Message: unknown error: cannot parse internal JSON template: Line: 1, column: 1, Unexpected token
- Form overlay cannot be filled or submitted on already existing video.js video element
- Why doesn't chrome.tabs.query() return the tab's URL when called using RequireJS in a Chrome extension?
- Where is libappindicator3.so.1?
- Uncaught SyntaxError: Unexpected token :
- Where do I find the Flutter web environment declarations in Chrome?
- Location of Chrome Web Apps (PWAs)
- window.onerror not working in chrome
- context-stroke and context-fill for markers in SVGs on Chrome don't work, alternatives?
- View or Test README files *md in a browser prior to pushing to an online repository for rendering
- View a JavaScript method's contents in Chrome's console
- Lighthouse PWA audit looks like it does not work in Chrome 126 (shows empty screen)
- How to use Chrome Developer Tools to find elements based on a CSS selector? (e.g., class or id)
- See :hover state in Chrome Developer Tools
- Automatically open Chrome developer tools when new tab/new window is opened
- How to get the FPS in chrome devtools
- AWS Elastic Load Balancing: Seeing extremely long initial connection time
- How do I switch to Chromes dark scrollbar like GitHub does?
- Setting HTML5 audio position
- Extend Google Docs with a chrome extension?
- google chrome inspect element - invalid property name - browser specific?
- How to specify browser language in Puppeteer
- Iframe "(Site Name) Refused to Connect." Error
- How do I get my CSS to function in Chrome?
- Content being read twice on focus of element + lots of "clickable"
- Set Chrome's language using Selenium ChromeDriver
- Using tesseract.js with manifestv3
- Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html"
- Show seconds on input type=date-local in Chrome
- Adding sub contextMenus in Google Chrome extension