Tech Tips: A Step-by-Step Guide to Securing Your Gmail from Third-Party Apps

Thu, February 19, 2026 3:03 PM | Anonymous member (Administrator)

It's important to periodically review Oauth access granted to various third-party apps from your gmail account.

WHAT IS OATH ACCESS AND HOW DOES IT GRANT THIRD-PARTY APP ACCESS?

  • When faced with a decision to login to an app - we are presented with an option to either create a username and password or use our google/gmail account credentials to login.
  • To reduce the cognitive overload of having to remember yet another username+password combination, we opt to login using our existing google/gmail credentials. 

WHY IS IT IMPORTANT TO PERIODICALLY REVIEW THE ACCESS GRANTED TO THIRD-PARTY APPS?

  • If a connected app is breached, attackers can access whatever Gmail‑related data that app stored or can still access via its token.
  • If someone compromises your Google account, they can also use “Sign in with Google” relationships and existing tokens to pivot into many other services. 

HOW DO I REVIEW MY THIRD-PARTY APPS?

  • Step1: Go to https://myaccount.google.com/permissions (or My Account → “Third‑party connections”) 
  • Step 2: Click each individual app/service and choose “Delete all connections you have with app” to revoke an existing OAuth token of those apps that no longer serve you. 

BELOW IS AN EXAMPLE FLOW WITH SCREENSHOTS

1. I granted Oauth access to an app called Zapier.


2. I reviewed the access I granted to various third-party connections on my google account

3. Below I can see that I granted access to three different apps.



4. I clicked on the app and selected “Delete all connections you have with app.”



5. Confirm to delete the token (connection with the app). This does not delete your actual gmail account.

Remember safely granting OAuth access is about minimizing trust and scope: only connect apps you truly need, give them the least data necessary, and keep their access easy to revoke.

When possible, choose options that share a limited subset of data (for example, just Calendar, or basic profile), instead of full account access

For more tips on Data Privacy, please follow me, Swati Popuri, on Linkedin and subscribe to my newsletter Privacy Pointers on Substack.
Powered by Wild Apricot Membership Software