Gmail contacts extractor

Discussion in 'Programming' started by ravemittal, Jun 25, 2013.

  1. #1
    Websites such as www.twoo.com, netlog.com, zorpia.com have an internal setting / script in place with which they can access a customer's contacts and show them later if there are any other friends of that customer who are already on the site. They do not use any kind of Google API or OAuth access permission for doing so. All they have is my Gmail address and password, which are the same on twoo or netlog.

    I created a test ID to check this and saw that twoo.com accessed my contacts (see screenshot attached) without any access permission from me. How is this possible? What kind of script might have been used here? And why did I not get any alert from Google?
     
    ravemittal, Jun 25, 2013 IP
  2. dulcificum

    #2
    How do you know they are not using the API, and if they are not connecting to your account, why not? Could they just have been screen-scraping or using Google Takeout?
     
    dulcificum, Jun 25, 2013 IP
  3. ravemittal

    #3
    I basically mean to say that I did not authorize anybody to access the contacts. I created this test account to test this on Twoo and prove they are doing this. I had doubts when invitations were sent to friends from my name previously.
     
    ravemittal, Jun 25, 2013 IP
  4. dulcificum

    #4
    What valid reason would they have for needing your password though?
     
    dulcificum, Jun 25, 2013 IP
  5. ravemittal

    #5
    I am sorry, I don't get you? I have explained everything in detail. The issue is how is Twoo able to access my Gmail without my explicit permission or authorization. If you know how this works, you will understand.
     
    ravemittal, Jun 25, 2013 IP
  6. ravemittal

    #6
    The password entered at the time of creating an account with Twoo was the same as my Gmail password. This helped it access my account.
     
    ravemittal, Jun 25, 2013 IP