Beware of tools and websites posting content to Google+ by asking for your google account!


One of our readers today brought up an interesting point about tools or sites posting content to google+ and we want to cover in detail so that the entire google+ community is aware of the problem.

Since the launch of Google+ in july 2011, it has introduced many new features and has gone through tremendous changes. A major redesign was the latest of all. As of last month (march 2012), G+ has crossed over 170+ million users with around 100+ million active users.

Warning sharing google username/password with tools/websites posting content to Google+

Warning sharing google username/password with tools/websites posting content to Google+

Due to rapid changes it is undergoing, google+ has introduced only a very limited set of api (application programming interface) that helps to develop applications and tools so that you can interact with Google+ from outside the G+ interface.

As of this writing Google+ has limited set of readonly api’s which means you can read contents from the network (for eg. get profile, list activities, comments, etc) but there is no way to post or submit content to the G+ network programmatically.

But given the web’s open nature and powerful web and javascript libraries it is possible to write workarounds and mimic the web functionality using little bit of programming. That allows to write new tools and websites offering to post or submit content to Google+.

Unfortunately since there is no official set of API’s for posting content as well as no OAuth authentication (OAuth is a authentication method where you authorize a site using google or facebook or other accounts without giving username/password and they issue a token transparently by which the authorized site would interact with the authorizing site.

In other words, it works by a shared token and we never have to share our username or password). Which means if someone is writing tools or a website offering post content to G+ the only way to get around is by asking for your Google account’s username and password.

But a lot people (mostly with non technical background) don’t realize that you are giving away your google account username and password to a third party and there is a chance of misuse or abuse (We are not saying all services, tools or websites are bad). But you have to be aware of this fact and have the right to be warned. Also dont’ forget to note that your google account is tied to pretty much all google products : google docs, gmail, google+, adsense, adwords, search, news, etc. etc., which means using your account they could access all these services.

Our best advice is to stay out of tools or websites asking for your google username/password until google / G+ team releases a new api that systematically uses OAuth to submit or post content to Google+ (without sharing your google account credentials).

+ There are no comments

Add yours