Tiller Money Labs add-on incompatible with Google Advanced Protection?

Get Help Workflows & Tools
, ,
#1

I have Google Advanced Protection enabled on my Google account. Among other things, this prevents me from installing add-ons that have permission scopes that are considered excessive enough to be considered a security risk for my account. It looks like the Tiller Money Labs add-on is one such add-on. Are there any plans to tighten the permissions on this add-on so that those of us that have our accounts locked down a little more tightly can use it? Or am I just out of luck?

Authorization Error
Error 400: policy_enforced
Advanced Protection prevented your Google Account from signing in. This security feature stops most non-Google apps and services from accessing your data to keep your account protected.

#2

Interesting.

It’s true that the Tiller Money Labs add-on uses broader scopes than the Tiller Money Feeds add-on. We would prefer to use narrower scopes but, to enable the quick-prototyping nature of the Tiller Money Labs add-on and also implement the sheet-insertion capability, we needed the https://www.googleapis.com/auth/spreadsheets (where the Tiller Money Feeds add-on uses https://www.googleapis.com/auth/spreadsheets.currentonly).

We work hard to limit the scopes of the Tiller Money Feeds add-on because it is essential to run our core subscription product. Because the Tiller Money Labs add-on is an optional grab-bag of experimental features, the required scopes are less constrained.

We are reworking our add-on ecosystem to address concerns like the one you raise. That said, these changes are significant and will take time to implement properly. So, unfortunately, there are no imminent solutions to address this.

1 Like
#3

If I remember correctly, the Tiller addons are not signed. Would that make a difference?

#4

Thanks, totally appreciate the situation and I fully acknowledge that my choice to lock my account down more than a typical account sometimes has these outcomes. I appreciate the response. Looking forward to continuing my Tiller explorations!

#5

That’s right @dmn, you can’t use the Labs add-on if you have Advanced Protection turned on for your Google Account. This is expected.

One way you can “work around” it if you choose and want to explore the add-on would be to use a separate (perhaps brand new) Google Account that doesn’t have sensitive information you’re trying to protect where Advanced Protection is not turned on. The Labs add-on does not care which Google Account you use (e.g. you don’t have to use it with your Tiller Money subscribed Google Account like you do with the Tiller Money Feeds add-on).

@aronos, I don’t think it would help if they were signed as Google has built their ecosystem intentionally to prevent add-ons that have broad scopes like the Labs add-on from running in an account that has Advanced Protection turned on.

2 Likes