G Suite Marketplace Apps are “applications that can be added to an entire domain or to individual G Suite accounts.”
They integrate with the Admin console and make it easy to complete common tasks (mail merges, form publishing, password management, etc.) or connect to frequently used apps like Dropbox or Zoom.
And, they have a “bonus” feature: They want to take over your G Suite!
That’s because installing a G Suite App is an all or nothing proposition. You can’t cherry-pick permissions — installing one requires ceding whatever control of data and functionality the app demands.
There’s no simple way to vet the security expertise behind a given app’s creator (some of these companies are made up of just a few people), but you can mitigate your risk should one of them become compromised:
- Establish an approval process. Adding apps to G Suite needs to be a centralized endeavor.
- Investigate the permissions required. Do you want to install an app that can send emails on your behalf? Read and delete your Google Drive information? (I’m going to suggest “No” on both of these.)
- Install nonessential apps as an “Individual Install” rather than Domain-level. This will scope permissions to a single user.
- Consider creating a user with limited permissions. The installed app won’t be able to see most of your company’s folders while still allowing you to use it.
As with many security challenges, it is often our own actions that open the door to nefarious actors. Make sure you know who’s knocking!