This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Hi all! I made a fun discovery today. When we went over our 3rd Party API controls in advance of Oct 23 of 2023 change, I either missed this "Trust internal apps" under the Internal apps section of the API controls or it didn't exist at that time. One way or another, it appears that the Apps Script section is considered an internal app. I have two student accounts who have been sending so much spam that our archiver/self harm review company alerted us and shut down flow of their accounts. Either a student is doing something nefarious or whomever hacked their accounts is doing something via an apps script. I have a case open with Google and will report back but wanted to share in case anyone else had insight or experience with this, thanks!
So update to this. The Apps Script is apparently a sub service of Drive and Docs. I just turned it off for everyone. We'll see who's been using it for good soon I guess. But I heard back from Google and there is ZERO way to get a report of the apps out there. Closest I could come was using the Drive Log Events under Audit and investigation to search for Google Scripts as the Document Type. Meanwhile, the logins and action were taken from a Moroccan IP according to talosintelligence.com but we have context aware to only allow access from the US, so I don't get how this happened! 😞 I've asked Google to help me with that one.
Unfortunately not, but only cause I'm useless at scripting. One of the things the script would do was check the daily sending limit though. Then it would try to email random short codes to various gmail accounts. I copied the contents into a text file, removed authorization from the user section of the account in the admin console. Then I deleted the app in the apps script section. We then turned the service off completely.
