Table of contents
Google Workspace for Education applications and Google Chrome extensions are used to add functionality to Google services and the Chrome web browser that are not already provided. Google has kept the Chrome Web Store and Google Workspace for Education Marketplace open for any developer to upload their own applications or extensions. Since this is the case, it is important to take into account the associated security risks when installing applications and extensions from the Google Workspace for Education Marketplace and the Chrome Web Store. The Division of IT (DIT) IT Compliance team performs risk assessments of third party IT products, including Google Workspace for Education applications and Google Chrome extensions. If you would like a product to be reviewed or have any questions about risk assessments, please reach out to IT-Compliance@umd.edu.
Applications vs extensions
Applications can only be installed from the Google Workspace for Education Marketplace but are available to anyone with a Google account. Google Workspace for Education applications are integrated directly into the core Google services like Google Docs, Google Sheets, Google Slides, etc. Extensions can only be installed from the Chrome Web Store. Extensions are integrated into the Chrome web browser and can be accessed from outside of the Google Workspace for Education.
Staying secure on the Google Workspace for Education Marketplace
When installing an application from the Google Workspace for Education Marketplace, access to information on one’s Google account will be requested. The Google products that usually hold the most sensitive information are Gmail, Photos, Drive, Calendar and Contacts. It is essential to read through these permissions requests and make sure only the necessary information is given to the application. The Google support guide provides more information on Google account permissions.
Staying secure on the Chrome Web Store
Chrome extensions can have more access to the data on your device. Google assesses the risk of an extension based on the permissions the extension requests. Below are some of the permissions that may be requested and how they are ranked:
- High
- All of the data on the computer and all the websites visited.
- Medium
- Data on some or all of the websites visited by the user.
- Low
- List of installed applications, extensions and themes
- Bookmarks.
- Browsing History.
- Tabs and browsing activity.
- Physical Location.
- Data that is copied and pasted.