Tighter Security for Third-Party app Usage at Ryerson
Ryerson has created a list of third-party apps that can be used with Ryerson Google accounts. If you currently use a third-party app that is not part of this list, the app will no longer work with your Ryerson credentials starting February 20, 2018.
Applications in this list are not recommended. No privacy or security assessments have been done on them and they should not be used to hold university records without a prior privacy and security assessment.
What does “third-party app” mean and why is Ryerson concerned about them?
Third-party applications are websites, standalone applications, operating systems, web browser plugins or mobile apps not created by Google.
Some of these third-party apps use “Oauth authentication”, meaning they allow you to sign up with your Ryerson credentials. However, doing so creates a security risk for your private information since “Oauth” lets the app access your data on Ryerson Gmail, Drive, Calendar or Contacts.
We began compiling a list of approved apps in response to a sophisticated attack on Google users worldwide. Here at Ryerson, the scam briefly compromised 601 accounts. Even though no data was stolen, it’s important to be able to block access from apps that try to hijack accounts.
List of approved apps
Ryerson’s list of third-party apps includes 500 of the most commonly used apps. Here’s an overview of what we currently block and what will change as of February 20, 2017:
- all third-party apps found in the G Suite Marketplace
- all add-ons found in the menus of Google Docs, Google Forms, etc.
To be blocked by February 20, in addition to the above
- all non-Google Oauth authentication apps requiring access to your Ryerson Gmail, Drive, Calendar and Contacts, except those on Ryerson’s approved third-party apps list
Currently allowed for use at your own risk
- web browser extensions and plugins for Google Chrome (although your Ryerson credentials may not work if the app uses Oauth authentication)
- apps that don’t require access to your data
If you have any questions, or if you feel a third-party application you need for your role is missing from the list, please contact the Computing and Communications Services (CCS) Help Desk at firstname.lastname@example.org or 416-979-5000, ext. 556806.