How to Revoke a Malicious OAuth App and Audit the Damage

    Have you ever clicked a link to a fun quiz or a "helpful" new tool, and it asked for permission to access your online accounts like Google, Facebook, or Microsoft? That's called granting OAuth (Open Authorisation) access. Most of the time it's perfectly safe, but sometimes these apps can be sneaky or even malicious. This guide will help you understand how to cut off a dodgy app and check whether it has done any harm.

    If you suspect an app is malicious, don't delay! The sooner you revoke its access, the less chance it has to cause further problems.

    Recognising a Malicious App

    It can be difficult to tell if an app is malicious right away. Often, you might not notice anything out of the ordinary when you first grant access. However, there are some tell-tale signs that an app might be up to no good.

    • Unexpected emails or posts on your behalf.
    • Messages from friends asking about strange activity from your account.
    • You notice unfamiliar files appearing in your cloud storage (like Google Drive or OneDrive).
    • Your account settings have changed without your permission.

    Finding and Revoking Access to Suspicious Apps

    The first step is to cut off the app's access to your accounts. This immediately stops it from doing anything further. You'll need to do this for each account you may have connected to the app.

    • For Google: Go to your Google Account, then "Security" > "Third-party apps with account access." Find the app and click "Remove Access."
    • For Facebook: Go to "Settings & Privacy" > "Settings" > "Apps and Websites." Find the app, tick the box next to it, and click "Remove."
    • For Microsoft: Go to your Microsoft account "Privacy dashboard," then "Apps and services that can access your data." Find the app and click "Remove these permissions."

    Changing Your Passwords and Reviewing Security Settings

    Even after you've revoked access, it's a good idea to change your passwords for any affected accounts. Revoking is what actually cancels the access token the app was using (a password change on its own does not reliably cancel an app's existing OAuth grant), which is why it comes first; the new password then adds another layer of security in case the app managed to steal your login details before you cut it off. While you're there, quickly check your basic security settings.

    • When changing your password, choose a strong, unique one.
    • Ensure Two-Factor Authentication (2FA) is turned on for all your important accounts. This means you'll need a code from your phone as well as your password to log in.
    • Check your recovery email and phone numbers are up to date.

    Checking for Unauthorised Activity

    Now that you've secured your accounts, it's time to play detective and see if the malicious app did any damage. This might take a little time, but it's important for your peace of mind and to understand the extent of the problem.

    • Review your sent emails, social media posts, and messages for anything you didn't send.
    • Check your cloud storage (like Google Drive, Dropbox, iCloud) for unfamiliar files or deleted items.
    • Look at your account's activity log or history for unusual login locations or times.
    • Review your financial accounts (bank, credit cards) for any suspicious transactions, especially if you linked them to the affected online account.
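    If you can export your account's activity history (most providers offer a download), a short script makes the review in this section less error-prone than scrolling by eye. The example below is added here and is not part of the original guide: it assumes a simple CSV export with timestamp, event, actor and IP columns, a constructed sample log, a hypothetical app called "QuizFun", and a list of IP addresses the account owner recognises; it flags every event after the app was granted access that was performed by the app or came from an unfamiliar address.

```python
import csv
import io
from datetime import datetime

# Constructed sample export (not real data): one row per account event.
# The column layout is an assumption; adapt it to your provider's export.
SAMPLE_LOG = """timestamp,event,actor,ip
2024-05-01T09:12:00Z,login,user,203.0.113.10
2024-05-01T09:15:30Z,oauth_grant,QuizFun,203.0.113.10
2024-05-01T09:16:02Z,mail_send,QuizFun,198.51.100.7
2024-05-01T09:16:05Z,mail_send,QuizFun,198.51.100.7
2024-05-01T11:40:00Z,drive_upload,QuizFun,198.51.100.7
2024-05-02T08:00:00Z,login,user,203.0.113.10
2024-05-02T08:05:00Z,settings_change,user,198.51.100.7
"""

# Addresses the account owner recognises as their own (assumption).
KNOWN_IPS = {"203.0.113.10"}


def parse_log(text):
    """Parse the CSV export into rows with timezone-aware timestamps."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        stamp = row["timestamp"].replace("Z", "+00:00")
        row["timestamp"] = datetime.fromisoformat(stamp)
        rows.append(row)
    return rows


def audit(rows, app_name, known_ips=KNOWN_IPS):
    """Return (timestamp, event, actor, reasons) for events worth reviewing.

    Only events at or after the app's oauth_grant are considered, since that
    is the earliest moment the app could have acted on the account.
    """
    grant = next((r for r in rows
                  if r["event"] == "oauth_grant" and r["actor"] == app_name), None)
    if grant is None:
        return []  # the app never had access according to this export
    flagged = []
    for r in rows:
        if r["timestamp"] < grant["timestamp"]:
            continue
        reasons = []
        if r["actor"] == app_name and r["event"] != "oauth_grant":
            reasons.append("action performed by the app")
        if r["ip"] not in known_ips:
            reasons.append("unfamiliar IP")
        if reasons:
            flagged.append((r["timestamp"].isoformat(), r["event"], r["actor"], reasons))
    return flagged
```

Anything the script flags still needs a human look: a legitimate login from a new phone will also show as an unfamiliar IP, while a settings change from an unknown address right after the grant is the kind of event to treat as hostile.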

    Cleaning Up the Damage and Reporting the App

    If you find any unauthorised activity, you'll need to clean it up. Delete any strange posts or files. If money has been stolen, contact your bank immediately. You should also report the malicious app to the platform it was on (Google, Facebook, etc.) to help protect others.

    Key takeaway

    Taking quick action to revoke access and review your accounts is key to limiting harm from a malicious app. By following these steps, you can regain control and protect your online life from future threats. Stay vigilant about what apps you allow to connect to your accounts, and remember that your digital security is always worth protecting.
