security audit

LiveAgent passed Google’s security audit

Oliver Stasinszky

Oliver Stasinszky

Last modified on February 28, 2021 at 6:45 pm

Completing Google’s security audit

In October 2019 Google announced that it was taking extra security measures for apps built on top of the Gmail API. All software vendors who use a “restricted” or “sensitive” Gmail API scope would be subject to a third-party security audit which would cost them anywhere between $15,000 – $75,000. It seems Google implemented these security audits as a direct result of its $56 million dollar fine from the EU’s regulatory bodies for violating GDPR policies. As a result, Google shifted security responsibilities to developers.

What did the audit entail?

The audit entailed a limited penetration test and document review of the LiveAgent application. The third-party security auditors (Leviathan) assessed the application, supporting infrastructure and our staff’s answers in a self-assessment questionnaire. Leviathan verified the application’s use of the following restricted Google API scope:

  • (includes any usage of REST, IMAP, SMTP, and POP3 protocols)
two people standing under security cameras

Why did we do the audit?

LiveAgent had to pass the Google Cloud Platform OAuth API Verification audit because our users utilize Gmail/Gsuite accounts. If LiveAgent users logged into our app and it wasn’t considered ‘safe’ by Google, Google would disconnect our user’s Gmail/Gsuite from their Liveagent dashboard. In this sense, our users wouldn’t be receiving emails into their LiveAgent dashboard, and that would defeat the purpose of having a universal inbox.

When did we do the audit?

LiveAgent completed the audit in December 2019 and received passing results on January 7th, 2020.

What were the results of the audit?

The results of the audit were great, we passed! According to our received report, [Leviathan] “confirms that the testing of the LiveAgent application and supporting infrastructure has been completed and that all issues with a Critical or High-risk finding have been remediated.”

Worried about your customer’s data?

Make the switch to LiveAgent help desk software today! We offer state-of-the-art security and comply with Google, GDPR, and ISO equivalent standards.

Our website uses cookies. By continuing we assume your permission to deploy cookies as detailed in our privacy and cookies policy.