Stack Overflow Asked on November 4, 2021
Suppose we install a gsuite addon, we may see something like:
Suppose we have a google sheet/doc containing some plain text (a pretty standard use), equations, etc; e.g. it may contain: Here's something top secret: my_secret_123_abcxyz?!
Are there circumstances under which the developers of the addon be able to read the text contained in the cells of a google sheet (or in a google doc)?
For reference: here are the T&C and privacy policy for the example above – note that there’s no clear answer to the question contained in either of those policies.
Note: this is an extremely important consideration for handling client data, or meeting data governance requirements/laws at company and/or federal levels.
Q. Are there circumstances under which the developers of the addon be able to read the text contained in the cells of a google sheet (or in a google doc)?
A.Yes, the developers can read the text. Specifically what the application reads and what is done with that data is a mystery however.
When developing Gsuite add-ons you use a programming language called Google Apps Script.(Google gives the creators and internal editor to work in).
When the creator of the add-on writes code wanting to access different parts of the Gsuite API, a scope is automatically added to the manifest file for the application.
The scope list explains what the application is attempting to access as it runs. That list generates the screen seen below.
The permission screen doesn't get anymore specific than that. However, everyone who wants to submit an application into the GSuite marketplace has to submit to a review process.
One of Google's priorities in that process is making sure the add-on's publishers "Take appropriate steps to safeguard user data.".
Answered by John Thompson on November 4, 2021
I’m the developer of the smart references plugin for google docs.
https://gsuite.google.com/marketplace/app/smart_references/139900623597
The answer is that it depends on how the plugin works. The google plugin sandbox is quite limited. The code developers provide that can run on googles servers or in the users browser is limited to a few JavaScript files, and without the ability to import or export data there is only so much those scripts could do. So many plugins send document data to external applications to provide advanced functionality. For example the Smart References plugin does not need to export any data from the docs context because it is relatively simple plugin that just synchronises headings within a document - but consider a grammar checking plugin or an integration into a crm - all the smarts live on external servers that google does not control. As developers we are asked to disclose if and how we use document data in the privacy policy and terms of service. Google does have an independent review process for new plugins but they only review the plugin code not the workings or administration of any external api.
So when you permission a plugin you are potentially giving access to your data to the plugin developers and you should make an active decision on whether or not to trust them. This is the case with any cloud software or desktop apps that use APIs to work.
Answered by Richard Woods on November 4, 2021
I think it is possible. See below link.
https://developers.google.com/gsuite/add-ons/editors/sheets
You can create custom functions. Then you can use UrlFetchApp
to communicate with external server.
https://developers.google.com/apps-script/reference/url-fetch
This service requires script.external_request
scope.
I have attached a screenshot below.You can see all the scopes this particular add-on needs. You will get this prompt while installing the add-on. Connect to an external service is the scope you are looking for.
Answered by Sibin on November 4, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP