In October 2019 Google announced that it was taking extra security measures for apps built on top of the Gmail API. All software vendors who use a “restricted” or “sensitive” Gmail API scope would be subject to a third-party security audit which would cost them anywhere between $15,000 – $75,000. It seems Google implemented these security audits as a direct result of its $56 million dollar fine from the EU’s regulatory bodies for violating GDPR policies. As a result, Google shifted security responsibilities to developers.
The audit entailed a limited penetration test and document review of the LiveAgent application. The third-party security auditors (Leviathan) assessed the application, supporting infrastructure and our staff’s answers in a self-assessment questionnaire. Leviathan verified the application’s use of the following restricted Google API scope:
LiveAgent had to pass the Google Cloud Platform OAuth API Verification audit because our users utilize Gmail/Gsuite accounts. If LiveAgent users logged into our app and it wasn’t considered ‘safe’ by Google, Google would disconnect our user’s Gmail/Gsuite from their Liveagent dashboard. In this sense, our users wouldn’t be receiving emails into their LiveAgent dashboard, and that would defeat the purpose of having a universal inbox.
LiveAgent completed the audit in December 2019 and received passing results on January 7th, 2020.
The results of the audit were great, we passed! According to our received report, [Leviathan] “confirms that the testing of the LiveAgent application and supporting infrastructure has been completed and that all issues with a Critical or High-risk finding have been remediated.”
Be the first to receive exclusive offers and the latest news on our products and services directly in your inbox.
We appreciate your recent sign up for a LiveAgent.
A message will be sent to your email address containing login details, right after your account is installed.
If you wait for a while, after installation is complete you will be able to access your account directly from here.
After the process is over, we will send the login details to your mailbox.