25

The same (or similar) topic was already covered on Ask Ubuntu some time ago:

Ubuntu 17.04 Chromium Browser quietly provides full access to Google account

I just performed a new clean installation of Ubuntu 16.04. To my surprise, the "Ubuntu app" was still showing up and has full access to my Google account. I don't understand why, it's quite frustrating. What is this? I have not given "Ubuntu" such permission.

Might it be some malicious code? Might this malicious code come from some of the Chromium extensions I have installed, which re-install themselves when I'm starting up and logging in with Chromium for the first time?

I have installed Chromium by using the terminal: sudo apt-get install chromium-browser

screenshot

Also, the Ubuntu URL is "http://" and not the official "https://".

Amin Soheyli
  • 139
  • 1
  • 9
Energeiai
  • 673
  • 1
  • 7
  • 10
  • 1
    Perhaps your browser are synced to an online profile storage! – George Udosen Dec 25 '17 at 11:08
  • 3
    Possible duplicate of [Ubuntu 17.04 Chromium Browser quitly provides full access to Google account](https://askubuntu.com/questions/915556/ubuntu-17-04-chromium-browser-quitly-provides-full-access-to-google-account) – vidarlo Dec 25 '17 at 11:13
  • This question was posted 1 month ago. How could my question, posted 9 onths ago be marked as duplicate? https://askubuntu.com/questions/915556/ubuntu-17-04-chromium-browser-quietly-provides-full-access-to-google-account – Denis Feb 16 '18 at 06:56

2 Answers2

18

"Why does Ubuntu have full access to your Google account?" Well, the answer is quite obvious here. You did not remove the specific access from within your Google account before installing the system.

Additionally, the entry gets created when you sign in to Google from within the Chromium browser; as Chromium is part of Ubuntu when installed from the repos, it shows as Ubuntu in the Google account.

On other Linux distributions the entry gets named in a different way, for example, when you sign in to Google with the Chromium browser on Fedora, the entry getting created is called 'Chromium Fedora'.

chromium-fedora

The reason why it shows a 'http' entry might be, that the web address that is relevant for the account setup is (still) not 'https' by default. Anyway, nothing to worry about - there is no malicious code at all.

When you want to revoke the access, just open "My Account" in a web browser, go to tab "Sign-in & security", go to "Apps with account access" and then click on "Remove Access" in the Ubuntu entry.

Of course the entry gets re-created once you sign in again with Chromium and grant the application access to your Google account. Please note that it happens by design and so is expected behavior.

cl-netbox
  • 30,845
  • 7
  • 93
  • 131
  • 14
    This is very unethical implementation of Chromium. – Denis Feb 16 '18 at 06:58
  • 5
    To be clear, does this actually grant full access to your google account to fedoraproject (or ubuntu in the case of ubuntu), or just to the chromium app on that system? If it does indeed grant access, that is a major violation of Principle of Least Authority and borderline malicious. If not, it is confusing UX that needs to be cleaned up IMO. – snapfractalpop Jan 14 '19 at 02:41
  • I guess the question is, why doesn't google-chrome-stable show up the same way? (or is that implicit in the google-google connection?) – Tom Feb 03 '19 at 20:49
  • And also, whos the very smart software programmer opted to implement chromium in this very secure way? – Denis Apr 11 '19 at 02:58
  • @TomH google-chrome-stable shows up under "Google apps" because that is an official Google program. [Google Chrome in Apps with access to your account](https://imgur.com/8jKRowI) – Mateusz Stachowski May 01 '20 at 11:45
6

Disallow Chromium itself from logging into your Google account. If you don't, simply logging into any Google App will also log Chromium itself into your google account with full access.

I suspect, if you are logged into your google account, with your web-browser itself (and not just at the web page-level), that would be a huge step toward facilitating Google to monitor all the non-google sites you visit. I'm sure the angels at google would never think of that, but I'm just saying that browsing the web with a web browser that's logged into Google seems closer to this possibility than browsing the web with a browser not logged into Google (at the browser-level).

To disallow, see first red box below: enter image description here

After this, go here and remove any 3rd Party applications for which you do not want to grant google-account access: https://myaccount.google.com/security-checkup/

Additionally, if you care about privacy, I'd advise you to read each and every setting in the screenshot above (in your own Chromium) and always review them each time you install Chromium.

Lonnie Best
  • 2,174
  • 2
  • 32
  • 42
  • 2
    Thanks, I really did wonder why I had my user icon in Chromium when I didn't actually explicitly sign in in the Chromium UI, only logged into Gmail. And after several weeks also noticed the "full access" in Google Account settings to find your answer here. – Ruslan Jun 01 '19 at 18:14