Issue with Evernote having access to my contacts when adding Google calendar

[CrazyIvan64 1]

Hi all,

I'm just curious if anyone is having issues with Evernote having access and the ability to delete your contracts and calendars as part of connecting Google calendar to Evernote.

this will allow Evernote to:

•  

  See, edit, download, and permanently delete your contacts

   
•  

  See, edit, share, and permanently delete all the calendars you can access using Google Calendar

[gazumped 12,070]

Hi.  In the grand scheme of things it doesn't seem unusual or unreasonable.  Evernote needs this access to make the widgets work.  There are similar permissions for the browser clipper.  If you don't want to authorise the access,  you won't be able to use the widget.

[PinkElephant 8,819]

It is a general access, that allows for all these actions - because Google has defined the API to be able to do all that.

The permission grant does not say EN is going to use all permissions - but the API does not allow for a more granular permission setting. So it is as @gazumped said: Take it and use it, or leave it.

In the end you only grant permission from one of your personal apps to another.

 

[CrazyIvan64 1]

Thanks gazumped and PinkElephant appreciate the feedback!

[PenelopeH 0]

Wanted to say thanks to all for this thread - with permissions it can be hard to differentiate between "we need this to function", "we don't need this but are being opportunistic and/or invasive", and (as in this case) "we don't need this and won't use it but are forced to ask in order to get the other stuff" unless you have familiarity with the API. I'll go on a docs deep-dive if needed but it's nice not to have to!

Here's hoping we'll continue to see a reduction in permission-bundling. Needing to ask for permission to *show* notifications in an app that does not show notifications in order to be allowed to receive silent background updates has long been the bane of my mobile development existence.

[gazumped 12,070]

On 10/20/2021 at 5:19 PM, PenelopeH said:

and (as in this case) "we don't need this and won't use it...

Hi.  You got that we were basically saying 1)

On 8/26/2021 at 2:02 AM, gazumped said:

Evernote needs this access to make the widgets work.

and 2)

On 8/26/2021 at 2:08 AM, PinkElephant said:

permission grant does not say EN is going to use all permissions

Didn't you?  We're just ordinary users* so we only have an outline of why Evernote need the details - but if you want the app to work correctly,  you need to give consent.  So far as we know Evernote is (unusually these days) one of the good guys - your personal details aren't hawked around the market when you let them read your data.  I do agree that you need to be very careful with most applications and their random data-grabbing,  but AFAIK you can relax around here.

* Just a lot more talkative...

[ehrt74 240]

On 10/20/2021 at 6:19 PM, PenelopeH said:

Wanted to say thanks to all for this thread - with permissions it can be hard to differentiate between "we need this to function", "we don't need this but are being opportunistic and/or invasive", and (as in this case) "we don't need this and won't use it but are forced to ask in order to get the other stuff" unless you have familiarity with the API. I'll go on a docs deep-dive if needed but it's nice not to have to!

Here's hoping we'll continue to see a reduction in permission-bundling. Needing to ask for permission to *show* notifications in an app that does not show notifications in order to be allowed to receive silent background updates has long been the bane of my mobile development existence.

it's difficult to cut out all permission bundling. there is a certain balance to be had between broad permissions, fine-grained permissions or maybe even introducing a domain-specific language to manage permissions.  OS developers don't want to add too many permissions because that just slows development and testing down. Customers don't want permissions to be fine-grained until they suddenly do. App developers don't want permissions to ever change because that means existing working software may break. 

in the classical windows and old mac desktop world every app could do everything with every other app and its data. Unix etc always had the concepts of users and groups and every file has individual permissions, but access to services had to be governed individually by each running service. Linux has had SELinux for 10 years now. This controls who can use what service (i imagine other Unixen and maybe even Windows has something similar), but configuration is a pain. 

permission lists tend to grow over time. for example, the current list of android permissions can be found here: https://developer.android.com/reference/android/Manifest.permission. Some probably mean very little to the average person (ACCESS_BLOBS_ACROSS_USERS anyone?)

[PinkElephant 8,819]

On the Mac it is in Mac settings, tab security, subtab privacy. The bumped it up with Catalina - since then, if an app is not working, the first look should go here. Usually you set it once, and no need to touch it again (unless you uninstall and reinstall).

Granting one of my apps access to another one of my apps in the end always boils down to TRUST. Do I trust the app provider to guard the access granted as good as my password ? If I trust him with my login, I can trust him as well with granting app access to another app.

If not, I should stop using the app.