How to Spot a Suspicious Connected App on Your Account
Have you ever signed into a new app or website using your Google, Apple, or Facebook account? This convenient feature is built on a standard called OAuth, and it can sometimes be a sneaky way for scammers to get long-term access to your information, even after you change your password. Let's find out how to spot and remove these suspicious connections.
Connected apps can maintain access to your account even after you change your password. Regularly checking and revoking access is crucial for your online safety.
What are connected apps and why are they a risk?
When you use your social media or email account to sign into another app or website, you're giving that app permission to access certain information. This is super handy because you don't have to create a new username and password for every service.
The risk is that these permissions, or "grants", can sometimes be abused. If a connected app is dodgy, or if the company behind it gets hacked, your personal information could be exposed. What's more, a connected app uses its own access token rather than your password, so these connections often survive a password change, and a scammer could keep accessing your account without you realising.
Signs a connected app might be suspicious
It's not always obvious when an app is up to no good. However, there are some tell-tale signs that should make you think twice about a connected app. Trust your gut feeling if something seems off.
- You don't recognise the app or website name.
- The app is asking for far more permissions than it needs (e.g., a simple game asking to manage your email).
- You're seeing unexpected posts or activity on your social media that you didn't create.
- You're receiving an unusual amount of spam or phishing emails.
- The app's reviews are overwhelmingly negative or mention suspicious behaviour.
How to check connected apps on your Google Account
Google makes it relatively easy to see and manage what apps are connected to your account. It's a good habit to check this list every few months, or if you ever suspect something is wrong.
- Go to your Google Account (myaccount.google.com).
- In the navigation panel on the left, click 'Security'.
- Scroll down to 'Third-party apps with account access'.
- Click 'Manage third-party access' to see a list of all connected apps.
- Click on any app you don't recognise or no longer use, then click 'Remove Access'.
How to check connected apps on your Facebook Account
Facebook (whose parent company is now called Meta) also keeps a record of all the apps and websites you've logged into using your Facebook account. Regularly reviewing this list is just as important as on Google.
- Log into Facebook and click on your profile picture in the top right corner.
- Go to 'Settings & Privacy', then 'Settings'.
- In the left-hand menu, click 'Apps and Websites'.
- Review the list of 'Active' apps. For any app you no longer use or don't recognise, tick the box next to it and click 'Remove'.
- Consider also checking the 'Expired' and 'Removed' tabs to ensure everything looks as expected.
How to check connected apps on your Apple ID
If you use 'Sign in with Apple', you also have a list of apps that are connected to your Apple ID. This is a great privacy feature, but it still requires occasional review.
- Go to 'Settings' on your iPhone or iPad.
- Tap your name at the top to access your Apple ID settings.
- Tap 'Password & Security', then 'Apps Using Apple ID'.
- Review the list of apps. If you see an app you no longer want connected, tap on it and then tap 'Stop Using Apple ID'.
Key takeaway
Taking a few minutes to review your connected apps can save you a lot of hassle and protect your personal information in the long run. Make it a regular habit to check these settings on your main online accounts. Stay safe out there!