Hacker News new | past | comments | ask | show | jobs | submit login

If you realize it immediately after, you can cancel the OAuth authorization you granted, before they grab your data:

https://myaccount.google.com/u/0/security#connectedapps




Having worked on an email client app before, that would definitely be effective. Retrieving and processing a decade worth of email is a huge pain in the ass that takes quite a long time (just retrieving the message bodies from GMail took at least an hour).


I did after about 18 minutes which did limit the import to just the most recent emails. Phew!


I suspect Fleep is actually just importing the most recent emails, as that's what the flow said it wanted the permission for.


You're right and actually the CEO reached out and clarified this. I have updated my post to try and better reflect the problem.


Maybe he can, but less tech savvy people almost certainly can't.


Says who? If they were pissed off about this, then I'd assume they're capable of a simple search for "remove app permissions google" which brings up several help articles on how to do it. Considering that Google uses that terminology in the sign in screen anyway, it's not like the terms are incredibly unfamiliar.


I think you're overestimating by a couple orders of magnitude what the average user is capable of composing as a search.


I think you're underestimating. An app is a common term for a mobile or web app, should be known by most people using the app in the first place. Permissions is a common term to signify what you just gave the new app you approved, also nothing really crazy. You want to remove or revoke what you just gave the app, so that term is obvious. And the service you approved it with is Google, so add that in.

It's not like this is using any real technical terms that a common 21st century computer/phone user might not know, and the only real difficult one is probably "permissions" which you can probably either guess or eventually get to with synonyms; totally possible given it's a common English word.


No, you're drastically overestimating. Try working in a Best Buy. Everything you just put together with logic is not a safe assumption to make about the average user.


Its not whether the average user would understand it if you asked them (although even that's a stretch.) its whether its going to occur to them that they need to search for that particular string of words, or one similar enough to find the correct result. that is a fairly technical task and presumes a lot of knowledge.


I really can't see how it presumes a lot of knowledge. Half the words are common English words to indicate what is happening, you don't need to know the technicalities of what's going on to know you gave permissions to an app and want to take them away.

Hell, I even checked, "permissions google" still has the account management link as the first one there. So even just knowing the word permission, which is a common English term to describe what you just gave the app, and the wording Google uses (see below) to refer to it, is enough to get to that page. You don't need to be a CS major to figure that out.

As I said above, Google even uses the terms when you do the signin: https://jaxenter.com/wp-content/uploads/2015/05/google-permi... and gives you direct instructions on how to manage them.


The problem I see most often with non-technical users attempting to search for non-trivial queries is not that they don't know those words, but they don't know which words are most important.

e.g. One might formulate searches like: "How to stop an app from downloading my emails?" "Take back permission from fleep"

Neither of which provide helpful results. Non-technical users could have a hard time differentiating between "gmail" and "email", or associating "Connect with gmail" with "permissions Google". (Or even "gmail" and "Google" - "Why would my email be related to search?")


Doesn't changing the password invalidate all OAuth tokens?


No.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: