I've seen other questions that shared this same issue here and here, but the solutions are not working for us. Our users are confused by the checkboxes since they haven't seen them on other apps before, and it's making them more paranoid about the access they give.
Our app requires contacts and calendar read-only access to function, and I've tried many tricks mentioned by others, but none of them worked:
- We added email, profile, openid in Cloud Console scopes, the checkboxes still appear.
- We split login from authorization access, the checkboxes still appear.
Are we missing anything? It seems if we only ask for 1 permission, it might solve the problem, but it's too inconvenient to ask the user to open 3 popups to authorize access.
Feedback to Google Team: Granular permissions are definitely in the right direction for user privacy, but:
- Process penalizes apps with granular permissions (e.g. if I ask for all calendars.readonly and events.readonly, those force 2 checkboxes to show, whereas if I ask for only 1 super permission like Calendly's "edit/manage/delete all calendars and events", it doesn't show a checkbox).
- Introduces a lot of inconvenience and unnecessary fear for the user.
- Not all apps have the same granular permissions, and it's rewarding old apps (like Calendly) that are not yet impacted by granular permissions, whereas new apps are inherently disadvantaged.
Ideas:
- Allow app developers to select which permissions are optional vs required
- Add an explanation field that shows the utility next to each permission requested to the end-user, and this could be added to the app review process for sensitive scopes.
- Make authorizing new permissions super fluid, 1-2 clicks away, instead of opening a popup. Think how mobile apps ask for contacts permission: it's granular, contextual and only 1 click away.