Websites such as www.twoo.com, netlog.com, zorpia.com have an internal setting / script in place with which they can access a customer's contacts and show them later if there are any other friends of that customer who are already on the site. They do not use any kind of Google API or OAuth access permission for doing so. All they have is my Gmail address and password, which are the same on twoo or netlog. I created a test ID to check this and saw that twoo.com accessed my contacts (see screenshot attached) without any access permission from me. How is this possible? What kind of script might have been used here? And why did I not get any alert from Google?
How do you know they are not using the API, and if they are not connecting to your account, why not? Could they just have been screen scraping or using Google Takeout?
I basically mean to say that I did not authorize anybody to access the contacts. I created this test account to test this on Twoo and prove they are doing this. I had doubts when invitations were sent to friends from my name previously.
I am sorry, I don't get you. I have explained everything in detail. The issue is how Twoo is able to access my Gmail without my explicit permission or authorization. If you know how this works, you will understand.
The password entered at the time of creating the account with Twoo was the same as my Gmail password. This helped it access my account.