For more details about security for Google Workspace, go to Meet security and privacy for Google Workspace.
For more details about security for Google Workspace for Education, go to Meet security and privacy for education.
At Google, we design, build and operate all our products on a secure foundation, providing the protections needed to keep our users safe, their data secure and their information private. Meet is no exception, and we have built-in default-on protections to keep meetings safe.
Meeting codes—Each meeting code is 10 characters long, with 25 characters in the set. This makes it harder to brute force “guess” meeting codes.
Meeting details—Can be changed in the invite. Completely changing the video meeting invite changes both the meeting code and the phone PIN. This is especially useful if a user is no longer part of the meeting invite.
Attending a meeting—The following restrictions apply when people join a video meeting:
- We limit the ability of participants to join the meeting more than 15 minutes in advance of the scheduled time.
- Only users on the calendar invite can enter without an explicit request to join meetings. Participants not on the calendar invite must request to join a meeting by “knocking”, which must be accepted by the meeting organizer.
- Only the meeting host can admit participants not on the calendar invite, by inviting people from within the meeting and accepting requests to join.
- Meeting organizers have easy access to security controls such as muting and removing recipients, and only the meeting host can remove or mute participants directly within a meeting.
- Meet places numerical limits on potential abuse vectors.
- Users can report abusive behavior in meetings.
- All data in Meet is encrypted in transit by default between the client and Google for video meetings on a web browser, on the Meet Android and Apple® iOS® apps, and in meeting rooms with Google meeting room hardware.
- Meet recordings stored in Google Drive are encrypted at rest by default.
- Meet adheres to Internet Engineering Task Force (IETF) security standards for Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). Learn more
- Accessing Meet—For users on Chrome, Mozilla® Firefox®, Apple Safari®, and the new Microsoft® Edge® browsers, we don't require any plugins or software to be installed. Meet works entirely in the browser. This limits the attack surface for Meet and the need to push out frequent security patches on end-user machines. On mobile devices, we recommend you install the Google Meet app from Google Play (Android) or the App Store (iOS). Learn more
- 2-Step Verification—We support multiple 2 Step Verification (2SV) options for Meet: security keys, Google Authenticator, Google prompt, and SMS text message.
- Advanced Protection Program—Meet users can enroll in Google’s Advanced Protection Program (APP). APP provides our strongest protections available against phishing and account hijacking, is specifically designed for the highest-risk accounts, and we’ve yet to see people successfully phished if they participate in APP, even if they are repeatedly targeted. Learn more
- Control over your data—Meet adheres to the same robust privacy commitments and data protections as the rest of Google Cloud’s enterprise services. Learn more
- Google Cloud (which offers Meet) does not use customer data for advertising. Google Cloud does not sell customer data to third parties.
- Customer data is encrypted in transit and Meet recordings stored in Google Drive are encrypted at rest by default.
- Meet does not have user attention-tracking features or software.
- Google does not store video, audio, or chat data unless a meeting participant initiates a recording during the Meet session.
- Compliance—Our products, including Meet, regularly undergo independent verification of their security, privacy, and compliance controls, achieving certifications, attestations of compliance, or audit reports against standards around the world. Our global list of certifications and attestations can be found here.
- Transparency—We follow a rigid process for responding to any government requests for customer data and we disclose information about the number and type of requests we receive from governments through our Google Transparency Report. Learn more
- Automated network and system logs analysis—Automated analysis of network traffic and system access helps identify suspicious, abusive, or unauthorized activity and are escalated to Google’s security staff.
- Testing—Google’s security team actively scans for security threats using penetration tests, quality assurance (QA) measures, intrusion detection, and software security reviews.
- Internal code reviews—Source code review discovers hidden vulnerabilities, design flaws, and verifies if key security controls are implemented.
- Google’s vulnerability reward program—Potential technical vulnerabilities in Google-owned browser extensions, mobile, and web applications that might affect the confidentiality or integrity of user data are sometimes reported by external security researchers.
- Product-specific tooling and processes—Automated tooling is employed wherever possible to enhance Google’s ability to detect incidents at the product level.
- Usage anomaly detection—Google employs many layers of machine learning systems to differentiate between safe and anomalous user activity across browsers, devices, application logins, and other usage events.
- Data center and / or workplace services security alerts—Security alerts in data centers scan for incidents that might affect the company’s infrastructure.
- Security incidents—Google operates a world-class incident response program that delivers these key functions
- Pioneering monitoring systems, data analytics, and machine learning services to proactively detect and contain incidents.
- Dedicated subject matter experts deployed to respond to any type or size of data incident.
- Be mindful when sharing meeting links in public forums.
- If a meeting screenshot needs to be shared publicly, make sure the URL (located in the address bar of the browser) is removed from the screenshot.
- Consider using Google Calendar to send Meet invites for private meetings with a trusted group of participants.
- Be sure to vet and only accept new attendees that you recognize before allowing them to enter a meeting.
- If you notice or experience disruptive behavior during a meeting, use moderator security controls such as removing or muting a participant.
- We encourage users to report abusive behavior in meetings.
- Be thoughtful about sharing personal information such as passwords, bank account or credit card numbers, or even your birthday in meetings.
- Turn on 2-step verification to help prevent account takeovers, even if someone obtained your password.
- Consider enrolling in the Advanced Protection Program - the strongest set of protections Google has against phishing and account hijacking.
- Take the Security Checkup. We built this step-by-step tool to give you personalized and actionable security recommendations to help you strengthen the security of your Google Account.