Day 18

Go Through Third Party App Permissions and OAuth Services


DAY 18: Go Through Third Party App Permissions and OAuth Services

Welcome to Day 18 of my 30 day security challenge, the month long challenge I created to help you gain control of your privacy and security online. You can follow along with the security challenge via my blog at, where you can skip ahead or download a checklist of the challenge. Each video will also be curated into a playlist so it'll be easy to follow along from Day 1 all the way through 30 here on Youtube.

Today is all about OAuth and third party app permissions. I know that sounded weird, but it's a good thing to know in relation to security and privacy. What is OAuth? It's an open standard protocol that lots of websites and companies implement to easily tie your secure data from one account to them. It's not made to validate your identity but to give you permission to do stuff through a website. Most commonly, OAuth works like this: You'll go to a website and see a login with Google or login with Facebook or login with XYZ company button. You click this button and a popup appears that says "This company will receive the following info from your Facebook profile: Your name and email address" or something similar. Then you click okay and those permissions are granted. There's a few other ways OAuth can be implemented but generally, they all look similar to that. OAuth is nice because it usually doesn't require a password but allows you to grant access to your info on applications.

So if you've granted OAuth permissions to a bunch of third party apps, it might be hard to remember which ones have access - and they keep that access until you revoke them. So, for example, if you used your Facebook to grant permissions to an app or website to view your name and email address - it'll know your name and email address until you revoke it. Changing your password on your main profiles won't necessarily remove the OAuth permissions either - it's made to be convenient. So you need to go into each profile and revoke anything that looks dodgy to you or that you no longer use.

To revoke third party apps from being connected to your main accounts, log into your social network or email profiles and choose the profile setting that says something like: Permissions, Access, or Applications. Go through the list and click "Revoke or Remove" for each one that doesn't need to be there. I've compiled a list found below in the notes of some popular profiles and direct links to remove the third party apps from your accounts, to speed up the process for ya. But, it would be wise to figure out how to get to these menus, as this is something that should be done on a reoccurring basis. Once a year should be good enough.

Day 18 is now complete! Tomorrow is all about cleaning up your social network privacy options part 1! But first, make sure to subscribe on youtube and hit up for the downloadable checklist and to skip ahead on the 30 day security challenge. Again, I'm Shannon Morse and I'll see you tomorrow for day 19!