Permissions required for the Zoom for Google Workspace calendar add-on

Hi there,

We’re looking to add the Zoom for Google Workspace calendar add-on for our entire Google domain, before doing so we’re investigating the security aspect of the add-on, specifically the permissions / access required when enabling the app. Your support team (ticket #14265070) recommend I contact you via this forum.

The access requested list associated with the app is quite extensive (see attached) and some of the requirements seem broad when considering the functions of the app. Could you please send across details regarding the following access requests that the app makes?

View your email messages when the add-on is running
Allow this application to view your email messages when the add-on is running Access is temporary; only available to the add-on when it is running within an opened email

Does the above ‘view your email messages’ access only apply to an email that the Zoom-app interacts with or is it technically possible for the app to view all emails?

See and download any calendar you can access using your Google Calendar
This app wants permission to
See your personal calendar and any other calendars you can access
See events on your personal calendar and on other calendars you can access
Download a copy of your personal calendar and any other calendars you can access
See the email addresses of the contacts or groups you share calendars with Your calendar and other calendars you can access may contain info, like daily schedules, personal contacts, and private appointments.

See and download your contacts
This app wants permission to:* See and make a copy of your Google Contacts Your contacts may include the names, phone numbers, addresses and other info about the people you know.

See and download your organization’s GSuite directory
This app wants permission to:* See your organization’s directory

  • Download your organization’s directory Your organization’s GSuite directory data may include mailing addresses, email addresses, names, organizations, phone numbers, photos, and other data.

Connect to an external service
Create a network connection to any external service (e.g., to read or write data)

Allow this application to run when you are not present
Allow this application to run when you are not present

Thanks in advance for any assistance you can provide.

Kind regards,

Alex

Hi @alex_jensen ,

Thanks for your inquiry. I’m looking to get in touch with some integrations SMEs to provide more insight here.

Please follow up by @'ing me if you do not hear back in 48 hours.

Gianni

1 Like

Thanks Gianni, I appreciate you getting back to me. I’ll reach out next week if I don’t hear back.

Hi @alex_jensen,

Please see the following responses:

Let me know if this helps clear things up!

Hi Gianni,
Thanks for gathering these responses, much appreciated.
Open ended permissions requests at the Google end, such as " See and download your contacts" are still very concerning, but perhaps the issue here is the way in which Google words the permissions required to the person adding the add-on (i.e. the end user / Google admin) rather than the data that is actually being requests / used by the developer, which according to the answers provided isn’t as open ended as it sounds.
Cheers,
Alex