Help get this topic noticed by sharing it on Twitter, Facebook, or email.

Why ActiveInbox needs super permissions (total control of the gmail account)?

I was trying to install ActiveInbox and found that it needs much more permissions. For example, it says "This app wants permission to do anything you can do in your Gmail, including" + "Send email for you" + "Delete your mail".

Why does this need all access to my account?

I believe it is dangerous to allow this kind of super permission to an application. Please let me know why does it need all these permissions.
Is there any other way to allow lesser permission than this and getting things done?
1 person has
this question
+1
Reply
  • Hello Jayanga

    We don't actually need all of those permissions. The levels are set by Google and they then determine what each level of permission means - so the wording is theirs. 

    We have actually spent a year rebuilding ActiveInbox from the ground up, so we would use less permissions, and have changed the way we interact with Google to make it possible. 

    The frustrating thing for us, is that our founder has been trying to get the permission level reduced for several months, which you would think Google would be happy to do. But no. It's actually turning out more difficult to get them to reduce our permission level than it was to get the higher level granted. 

    We are still working on it. 

    Lisa Reynolds
    AIB Support 
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned sad, anxious, confused, frustrated kidding, amused, unsure, silly happy, confident, thankful, excited

  • Hi Lisa,

    Thank you for your prompt response.

    I need a few other information before I continue.

    Is there any place where I can see the activities carried out by the plugin?
    A list of activities done by the plugin, what data it accesses, what data it saves about my self, and where it is saved?

    Any guarantees that the content is not exposed to outside. I mean, do you have any NDA kind of thing. I am asking this because, if by any chance an email containing confidential data, is being read using these permissions? What are the precautions, and actions do you have in place to avoid such a situation?

    Thanks,
    Jayanga
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned sad, anxious, confused, frustrated kidding, amused, unsure, silly happy, confident, thankful, excited

  • Andy Mitchell (ActiveInbox Founder) April 18, 2019 14:12
    Hi Jayanga,

    In addition to Lisa, you might like to check our Privacy policy at www.activeinboxhq.com/privacy .

    And, as Lisa mentioned, we're waiting for the chance to require less-permissions. Once Google grants this, this security document will be accurate (at the moment, it's not entirely accurate - for instance, OAuth tokens are stored on our server, but it's accurate insofar as no email data is stored on our servers): www.activeinboxhq.com/security
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned sad, anxious, confused, frustrated kidding, amused, unsure, silly happy, confident, thankful, excited