For example, consider this script. It requires me to grant permission to my Gmail account, but I'm confused why this is necessary -- is it not myself who is running the script? Or is my data going through servers other than Google's? Can I trust the scripts I find on sites like that?

Edit: I only mean "trust" from a privacy perspective, not an integrity perspective. In other words, I'm not worried about a malicious script deleting my data, but I am worried about it sending my data to someone else's servers.

user541686

  • The script comes from a 3rd party; it cannot be trusted blindly unless you read the source code. No, you are not running the script. It runs on Google's server and hence requires permission via OAuth2 to access your account. – Extreme Coders May 10 '16 at 17:35
  • @ExtremeCoders: I see. Although when I said I'm running the script, I didn't mean locally... Rather, I meant it is already running in my own account context, hence I don't understand why it needs permission to access my own data... that only makes sense to me when a third party is getting access to my data, which isn't the case here. Thanks for the info though. – user541686 May 10 '16 at 17:56

1 Answer

I am the author of the Gmail script that you referenced in the question. The script is now available as a Google-approved add-on on the Chrome Store.

It requires access to the entire Gmail account because, unfortunately, that's how permissions work inside Google Scripts. You either have full access or no access.

In the Gmail Scheduler script, it needs permission to read your Gmail drafts for scheduling as well as for sending email through your Gmail account. When a script sends email from your account, a copy of the email is always stored in the Gmail Sent items, so it is a good place to check whether the script is sending emails to any other address.

Amit Agarwal

  • +1 thanks! However, my question was slightly different. I wasn't asking why the script requests access to the *entire* mailbox as opposed to some part of it... rather, I was asking why it *requests* access at all when it is occurring from my own account -- shouldn't my account have permission to access itself? As for the other part, I wasn't worried about spamming other people. I was worried about my data going through someone else's servers (which seems to be the case for other services like Boomerang)... which was amplified by the fact that it actually asked me for permission. – user541686 May 11 '16 at 05:32
  • @Mehrdad This is how Google Scripts work. Even if you create a Google Script inside your own Google account, it will require the same permissions that are required when the script is owned by a third party. To test this, go to script.google.com, paste this code and run it: `function test() { GmailApp.search("in:inbox"); }` – Amit Agarwal May 11 '16 at 06:14
  • What is intriguing me here is that Amit has not directly addressed the point that when full access to Gmail is granted to the script, such access imparts an ability to retrieve and do anything to the user's Gmail account, regardless of how permissions are structured by Google for such integrations. Whether Labnol accesses the data in any way outside of the behavior of the script is, to me, the really interesting question that deserves to be answered. After all, there is nothing to stop them drawing down your whole inbox; permission was granted. – j pimmel Sep 28 '16 at 23:51
  • @jpimmel - technically, the script owner has access to the user's data given the way permissions are handled in Google Scripts. This [document](https://ctrlq.org/docs/20276-mail-merge-permissions-explained) explains why permissions are requested and this [document](https://ctrlq.org/docs/20287-privacy) describes what we do with the data. – Amit Agarwal Sep 29 '16 at 07:02
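The answer points out that every message a script sends from your account lands in the Sent label, which makes Sent the place to audit for mail going to unexpected addresses. The following is an added example, not code from the question, the answer or the Gmail Scheduler script: a pure function that parses `To`/`Cc` headers (including `Name <addr>` forms and multiple recipients) and flags any recipient whose domain is outside an allow-list, run here over constructed sample records. The `auditSentMail` wrapper assumes it is pasted into script.google.com, where `GmailApp.search`, `getMessages`, `getTo`, `getCc`, `getSubject` and `getDate` are the real Apps Script APIs; the allow-list domains and the sample messages are constructed for the example.

```javascript
// Added example (not part of the original Q&A or the Gmail Scheduler script).
// Audits "sent" mail records for recipients outside an allow-list of domains.

// Split a To/Cc header such as 'Alice <alice@example.com>, bob@example.org'
// into bare, lower-cased addresses. Entries without '@' are dropped.
function parseAddresses(header) {
  if (!header) return [];
  return header.split(',')
    .map(function (part) {
      var m = part.match(/<([^>]+)>/);      // prefer the address inside <...>
      return (m ? m[1] : part).trim().toLowerCase();
    })
    .filter(function (addr) { return addr.indexOf('@') !== -1; });
}

function domainOf(address) {
  return address.slice(address.lastIndexOf('@') + 1);
}

// sentMessages: [{date, subject, to, cc}]; allowedDomains: ['example.com', ...].
// Returns one finding per recipient whose domain is not allow-listed.
function findUnexpectedRecipients(sentMessages, allowedDomains) {
  var allowed = {};
  allowedDomains.forEach(function (d) { allowed[d.toLowerCase()] = true; });
  var findings = [];
  sentMessages.forEach(function (msg) {
    var recipients = parseAddresses(msg.to).concat(parseAddresses(msg.cc));
    recipients.forEach(function (addr) {
      if (!allowed[domainOf(addr)]) {
        findings.push({ date: msg.date, subject: msg.subject, recipient: addr });
      }
    });
  });
  return findings;
}

// Constructed sample data standing in for the contents of the Sent label.
// The third message carries a Cc to a domain outside the allow-list.
var SAMPLE_SENT = [
  { date: '2016-05-11', subject: 'Quarterly report', to: 'Alice <alice@example.com>', cc: '' },
  { date: '2016-05-11', subject: 'Quarterly report', to: 'bob@example.org',
    cc: 'Carol <carol@example.com>, relay@collector.invalid' },
  { date: '2016-05-12', subject: 'Lunch?', to: 'dave@example.com', cc: null }
];
var SAMPLE_ALLOWED = ['example.com', 'example.org'];   // constructed allow-list

// Apps Script wrapper. Assumption: runs inside script.google.com, where GmailApp
// exists. Pulls the last 30 days of Sent threads and applies the same check.
// Defined but never called here, so the file also runs under Node.
function auditSentMail(allowedDomains) {
  var records = [];
  GmailApp.search('in:sent newer_than:30d').forEach(function (thread) {
    thread.getMessages().forEach(function (m) {
      records.push({
        date: m.getDate().toISOString(),
        subject: m.getSubject(),
        to: m.getTo(),
        cc: m.getCc()
      });
    });
  });
  return findUnexpectedRecipients(records, allowedDomains);
}

if (typeof module !== 'undefined' && typeof require !== 'undefined' && require.main === module) {
  console.log(findUnexpectedRecipients(SAMPLE_SENT, SAMPLE_ALLOWED));
}
```

One caveat on the wrapper: `in:sent` matches threads, and `getMessages()` returns every message in a matching thread, including replies you received, so the Apps Script output is a superset to review rather than a list of confirmed outbound leaks; the Bcc field is not exposed on received copies, which is why the check looks at `To` and `Cc` only.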