When you grant data access to a Marketplace app, you give it API access to specific data like your Calendar and Contacts. The app (and by extension, the vendor) is able to view and store that data. Because your data is then available outside the boundaries of your domain, it's critical that you trust the security mechanisms implemented by the app and the vendor.
Apps may also access identity-related information about your users (for example, username, name, email address) through standard programmatic access. In no case should third-party apps have access to any of your domain passwords.
Review data access requirements for an app
You can review the data access requirements for an app during installation, or afterwards on the app's Settings page.
During installation, the various types of data access you need to grant to the app are listed after you click Install App (Admin console) or (Marketplace website).
After you install an app for your domain or organization, the settings page for that app lists the types of data access required by the app:
- From the Admin console Home page, go to Apps > Marketplace apps.
- Click an app to open its Settings page.
- Click Data access.
- Click the triangle next to an access type to see additional details on the type of data being accessed. (This information is provided by the developer and may not be present for all access types.)
If an app, after initial deployment, requires additional data access beyond what was originally requested, you're notified in the Data access area and can grant or deny the additional access.
Data retention policies
The more data an application can access, the more your risk can increase. For example, an application that writes to only your contacts could be considered less risky than an application that writes to your contacts and calendar. Weigh the benefits of an app against the scope of data access the vendor requests.