About app user security
App Maker app users are an important aspect of data security. They want to protect their own data. They might also be able to access other people's data in the app and need to protect that information, too.
Grant app permissions
When an app is set to use the app user as the execution identity and the app uses Google services on their behalf, users must grant the app permission to access their account data. Depending on the app, App Maker can use their account to send email, create files in their Drive, or add events to their Calendar. If the user doesn't give the app permissions, they can't use the app.
When a user grants an app permission to their Google data, App Maker enforces the sharing settings on that data. For example, when a user grants an app permission to access their Drive files, other users can't access those files through the app unless the file owner shares those files with those users.
Admins can whitelist an App Maker app to bypass the permissions review.
Protect sign-in credentials
If only certain users can open an app URL, App Maker requires that they sign in and checks their permissions. If app users open the app in Google Chrome and stay logged in, they don't have to sign in each time.
Users must do their part to prevent unauthorized access to the app through their account. We recommend that they sign out of their computer when they're away and protect their Google Account.
App user security best practices
- Only run apps from people you trust. You can always revoke app permissions to account data.
- Understand the purpose of the app and what information is required from you to use app features. If you're unsure, ask your admin.
- Protect your Google Account sign-in information. If you have access to sensitive or confidential information through an app, someone who steals your credentials does, too.