Massive oversight in allowing non-Google apps to call themselves Google, in Google's own web interface. Incredible.https://twitter.com/zachlatta/status/859843151757955072 …
-
-
Replying to @SwiftOnSecurity
Yep. Also you cannot tell native Google or Twitter apps from outside ones. How about a blue checkmark for native ones?
1 reply 0 retweets 15 likes -
Replying to @zeynep @SwiftOnSecurity
How about NEVER allowing click-through to grant any app access to your account/private data?
1 reply 0 retweets 1 like -
The only way to auth a third-party client access to your GMail should be initiating the request yourself from inside GMail Settings.
1 reply 0 retweets 5 likes -
Doesn't that just change the phish from "click this auth button" to "paste this code in your settings"? People will do it if it looks legit.
2 replies 0 retweets 0 likes -
Replying to @Kemp_J @RichFelker and
Especially if they've already done it a dozen times for actual legit services.
1 reply 0 retweets 0 likes
Who has authorized mail apps "a dozen times"?! It's something you should basically never do except getting a new phone or similar.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.