https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/API-controls-Trust-internal-apps-and-Apps-Script/m-p/109878#M3374 <P>Appreciate the information. Keeping an eye on this myself.</P><P>Were you able to isolate any of the files running App Script, and if so, see what exactly it was doing?</P> Wed, 20 Nov 2024 15:20:03 GMT Brodie_McBeath 2024-11-20T15:20:03Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/API-controls-Trust-internal-apps-and-Apps-Script/m-p/109205#M3356 <P>Hi all! I made a fun discovery today. When we went over our 3rd Party API controls in advance of Oct 23 of 2023 change, I either missed this "Trust internal apps" under the&nbsp;Internal apps section of the API controls or it didn't exist at that time. One way or another, it appears that the&nbsp;Apps Script section is considered an internal app. I have two student accounts who have been sending so much spam that our archiver/self harm review company alerted us and shut down flow of their accounts. Either a student is doing something nefarious or whomever hacked their accounts is doing something via an apps script. I have a case open with Google and will report back but wanted to share in case anyone else had insight or experience with this, thanks!</P> Mon, 18 Nov 2024 21:21:35 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/API-controls-Trust-internal-apps-and-Apps-Script/m-p/109205#M3356 mpartenope4676 2024-11-18T21:21:35Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/API-controls-Trust-internal-apps-and-Apps-Script/m-p/109877#M3373 <P>So update to this. The Apps Script is apparently a sub service of Drive and Docs. I just turned it off for everyone. We'll see who's been using it for good soon I guess. But I heard back from Google and there is ZERO way to get a report of the apps out there. Closest I could come was using the Drive Log Events under Audit and investigation to search for Google Scripts as the Document Type. Meanwhile, the logins and action were taken from a Moroccan IP according to&nbsp;talosintelligence.com but we have context aware to only allow access from the US, so I don't get how this happened! <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span> I've asked Google to help me with that one.</P> Wed, 20 Nov 2024 15:07:37 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/API-controls-Trust-internal-apps-and-Apps-Script/m-p/109877#M3373 mpartenope4676 2024-11-20T15:07:37Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/API-controls-Trust-internal-apps-and-Apps-Script/m-p/109878#M3374 <P>Appreciate the information. Keeping an eye on this myself.</P><P>Were you able to isolate any of the files running App Script, and if so, see what exactly it was doing?</P> Wed, 20 Nov 2024 15:20:03 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/API-controls-Trust-internal-apps-and-Apps-Script/m-p/109878#M3374 Brodie_McBeath 2024-11-20T15:20:03Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/API-controls-Trust-internal-apps-and-Apps-Script/m-p/111071#M3413 <P>Unfortunately not, but only cause I'm useless at scripting. One of the things the script would do was check the daily sending limit though. Then it would try to email random short codes to various gmail accounts. I copied the contents into a text file, removed authorization from the user section of the account in the admin console. Then I deleted the app in the apps script section. We then turned the service off completely.</P> Tue, 26 Nov 2024 17:08:03 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/API-controls-Trust-internal-apps-and-Apps-Script/m-p/111071#M3413 mpartenope4676 2024-11-26T17:08:03Z